Security researchers participating in this year’s Pwn2Own software exploitation contest banked more than $1 million in prizes over three days, organizers announced over the weekend.
The highest reward on the first day of the contest was earned for a TOCTOU (time-of-check to time-of-use) race condition exploit used to take full control of a Tesla vehicle. Researchers at French offensive security firm Synacktiv pocketed a $100,000 cash prize and ownership of a Tesla Model 3 car.
On the same day, a two-bug chain against Microsoft SharePoint was awarded a $100,000 prize and a six-bug logic chain targeting Adobe Reader earned hackers a $50,000 prize.
Vulnerabilities in Oracle VirtualBox ($40,000), Apple macOS ($40,000), Windows 11 ($30,000), and Ubuntu (two bugs, two $30,000 prizes) were also rewarded.
The first day of the contest ended with 12 zero-days being disclosed and $375,000 in cash and a car awarded in prizes.
The highest prize of the second day ($150,000) was once again earned for a Tesla hack, once again by the Synacktiv team. The exploit qualified for a Tier 2 award and the team earned $250,000.
Synacktiv emerged as the winner of Pwn2Own Vancouver 2023, earning a total of $530,000 and a car over the course of the three-day event.
VirtualBox was hacked twice on the second day of the competition, for $80,000 and $40,000 prizes, respectively. Microsoft Teams ($75,000) and Ubuntu ($30,000) were also hacked.
The second day ended with $475,000 awarded for 10 unique zero-days.
The STAR Labs team earned the highest prizes on the third day of the competition, one for a VMware Workstation exploit ($80,000) and another for a Microsoft Teams exploit ($75,000).
On the same day, three prizes of $30,000 were earned for Ubuntu hacks and another one for a Windows 11 exploit.
Related: Hackers Earn $180,000 for ICS Exploits at Pwn2Own Miami 2023
Related: Netgear Neutralizes Pwn2Own Exploits With Last-Minute Nighthawk Router Patches
Related: Pwn2Own Offers $100,000 for Home Office Hacking Scenario
More from Ionut Arghire
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- US, Israel Provide Guidance on Securing Remote Access Software
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
