Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

$200,000 Awarded for Zero-Click Zoom Exploit at Pwn2Own

Two researchers earned $200,000 on the second day of the Pwn2Own 2021 hacking competition for a Zoom exploit allowing remote code execution without user interaction.

Two researchers earned $200,000 on the second day of the Pwn2Own 2021 hacking competition for a Zoom exploit allowing remote code execution without user interaction.

The exploit, demonstrated by Daan Keuper and Thijs Alkemade from Computest, involves three vulnerabilities and it works on the latest versions of Windows 10 and Zoom. In the demo at Pwn2Own, the victim saw a meeting invitation from the attacker, but the victim didn’t actually have to click anything to trigger the code execution.

Pwn2Own 2021Also on the second day of Pwn2Own 2021, Bruno Keith and Niklas Baumstark of Dataflow Security earned $100,000 for an exploit that works both on the Chrome and Microsoft Edge web browsers.

If attempts to hack the Parallels virtualization product failed on the first day, on the second day, Jack Dates from RET2 Systems and Sunjoo Park (aka grigoritchy) earned $40,000 each for executing code on the underlying operating system through the Parallels Desktop application.

There were also two successful attempts to escalate privileges on Windows 10 and one successful privilege escalation exploit on Ubuntu. These earned participants $40,000 and $30,000, respectively.

Team Viettel attempted to hack Microsoft Exchange, but their exploit leveraged a vulnerability that was used earlier in the competition so their attempt counted as a partial win.

On the first day of Pwn2Own 2021, participants earned $570,000, including $440,000 for exploits targeting Microsoft products (Teams, Exchange and Windows). According to Trend Micro’s Zero Day Initiative (ZDI), which organizes the competition, it’s the first time more than one million dollars have been paid out in total at Pwn2Own, and there are still several more attempts scheduled for the last day of the event.

The hacking attempts scheduled for the third day of Pwn2Own will target Parallels, Exchange, Ubuntu, and Windows 10.

UPDATE: Zoom has reached out to SecurityWeek to provide the following statement:

Advertisement. Scroll to continue reading.

“We thank the Zero Day Initiative for allowing us to sponsor and participate in Pwn2Own Vancouver 2021, an event highlighting the critical and skillful work performed by security researchers. We take security very seriously and greatly appreciate the research from Computest. We are working to mitigate this issue with respect to Zoom Chat, our group messaging product. In-session chat in Zoom Meetings and Zoom Video Webinars are not impacted by the issue. The attack must also originate from an accepted external contact or be a part of the target’s same organizational account. As a best practice, Zoom recommends that all users only accept contact requests from individuals they know and trust. If you think you’ve found a security issue with Zoom products, please send a detailed report to our Vulnerability Disclosure Program in our Trust Center.”

Related: Researchers Earn $280,000 for Hacking Industrial Systems at Pwn2Own Miami

Related: Routers, NAS Devices, TVs Hacked at Pwn2Own Tokyo 2020

Related: NETGEAR Router, WD NAS Device Hacked on First Day of Pwn2Own Tokyo 2020

Related: Researchers Hack Windows, Ubuntu, macOS at Pwn2Own 2020

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Shane Barney has been appointed CISO of password management and PAM solutions provider Keeper Security.

Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.

Vats Srivatsan has been appointed interim CEO of WatchGuard after Prakash Panjwani stepped down.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.