Hackers Exploited Ubuntu, Adobe Reader, Sharepoint, Tesla ECU & Oracle VM
This year’s Pwn2Own Vancouver 2024 match is anticipated to be the very most attention-grabbing in Vancouver ancient previous, each and every by manner of entries and doable rewards.
The match’s victors will receive over $1,300,000 in money and prizes, which encompass a Tesla Mannequin 3.
The outcomes of Pwn2Own Vancouver 2024’s first day were launched, and the hackers particularly hacked Oracle VM, Adobe Reader, Microsoft Sharepoint, Tesla ECU, and Ubuntu.
As of the cease of Day 1, the winners have gotten $732,500 USD for 19 decided 0 days.
The Highlights Of Day 1
AbdulAziz Hariri of Haboob SA turned into once ready to launch the match by successfully executing their code execution attack against Adobe Reader.
He blended a Dispute Injection self-discipline with an API Restriction Bypass. As well to to 5 Master of Pwn aspects, he receives $50,000.
The LPE attack against Residence windows 11 turned into once successfully accomplished by the DEVCORE Learn Team.
They merged a pair of bugs, life like one of which turned into once a TOCTOU shuffle condition that could well well be unhealthy. Three Master of Pwn aspects and $30,000 are theirs.
With magnificent one UAF trojan horse, Seunghyun Lee (@0x10n) of the KAIST Hacking Lab turned into once ready to form their exploit of the Google Chrome net browser. They secure six Master of Pwn aspects and $60,000.
Combining a heap-based entirely buffer overflow, a UAF, and an uninitialized variable flaw, Gwangun Jung (@pr0ln) and Junoh Lee (@bbbig12) from Theori (@theori_io) were ready to escape VMware Workstation and speed code as SYSTEM on the host Residence windows OS.
They receive $130,000 and 13 Master of Pwn aspects for his or her famed achievement.
Two Oracle VirtualBox disorders, including a buffer overflow, were blended with a Residence windows UAF by Bruno PUJOS and Corentin BAYET from REverse Tactics (@Reverse_Tactics) to permit the visitor OS to escape and speed code as SYSTEM on the host OS.
They receive $90,000 and nine Master of Pwn aspects for this famed overview.
The Synacktiv (@synacktiv) team exploited the Tesla ECU with Automobile (VEH) CAN BUS Protect an eye on by the utilize of a single integer overflow.
The winners receive a brand original Tesla Mannequin 3 (their 2d!), $200,000, and 20 Master of Pwn aspects.
Manfred Paul (@_manfp) leverages a PAC bypass exploiting an Apple Safari vulnerability to set apart RCE on the browser thru an integer underflow flaw.
He features six Master of Pwn aspects and $60,000 for himself.
Oracle VirtualBox turned into once exploited by Dungdm (@_piers2) of Viettel Cyber Security the utilize of two bugs, including the continuously unhealthy shuffle condition.
They secure four Master of Pwn aspects and $20,000 as the round three winners.
That concludes Pwn2Own Vancouver 2024’s first day. Let’s request if Manfred Paul can secure as much as Synacktive or if they will support their Master of Pwn lead.
Discover this link to stare this highly competitive contest’s detailed itinerary. Furthermore, yow will stumble on a total overview of the Pwn2Own Vancouver 2024 Day 1 outcomes here.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Discover us on LinkedIn & Twitter.
Source credit : cybersecuritynews.com