Microsoft Teams, Virtualbox, Tesla Zero-Days Exploited – Pwn2Own Day Two

by Esmeralda McKenzie

On Day 2 of Pwn2Own Vancouver 2023, contestants earned $475,000 in cash prizes for 10 unique zero-day exploits.

The Tesla Model 3, the Microsoft Teams communication platform, the Oracle VirtualBox virtualization platform, and the Ubuntu Desktop operating system were all on the list of targets that were hacked.

Thomas Imbert (@masthoon) and Thomas Bouzerar (@MajorTomSec) of Synacktiv (@Synacktiv) made the first demonstration, showing a three-bug chain against Oracle VirtualBox with a host EoP.

One of the bugs was already known. They also earn 8 Master of Pwn points and $80,000.

Microsoft Teams was also hacked by Team Viettel (@vcslab) using a 2-bug chain, earning them $75,000 and 8 Master of Pwn points.

David Berard (@ p0ly_) and Vincent Dehors (@vdehors) of Synacktiv (@Synacktiv) exploited Tesla – Infotainment Unconfined Root through a heap overflow and an OOB write. After collecting $250,000 and 25 Master of Pwn points, they're eligible for a Tier 2 reward.

Oracle VirtualBox was exploited by dungdm (@ piers2) of Team Viettel (@vcslab) using an uninitialized variable and a UAF flaw. They gain $40,000 and 4 Master of Pwn points.

On Ubuntu Desktop, Tanguy Dubroca (@SidewayRE) of Synacktiv (@Synacktiv) used an incorrect pointer scaling bug, leading to privilege escalation. The entry earns $30,000 and 3 Master of Pwn points.

Between March 22 and March 24, contestants in Pwn2Own Vancouver 2023 can earn $1,080,000 in cash and two Tesla Model 3 cars.

Throughout the competition, researchers will focus on products from different categories, such as enterprise applications, enterprise communications, servers, virtualization, automotive, and local escalation of privilege (EoP).

“This year’s event promises some exciting research as we have 19 entries targeting 9 different targets – including two Tesla attempts”, says ZDI.

“For this year’s event, every round will pay full price, which means if all exploits succeed, we’ll award over $1,000,000 USD”.


Source credit : cybersecuritynews.com
