Security researchers participating in this year’s Pwn2Own software exploitation contest banked more than $1 million in prizes over three days, organizers announced over the weekend.
The highest reward on the first day of the contest was earned for a TOCTOU (time-of-check to time-of-use) race condition exploit used to take full control of a Tesla vehicle. Researchers at French offensive security firm Synacktiv pocketed a $100,000 cash prize and ownership of a Tesla Model 3 car.
On the same day, a two-bug chain against Microsoft SharePoint was awarded a $100,000 prize and a six-bug logic chain targeting Adobe Reader earned hackers a $50,000 prize.
Vulnerabilities in Oracle VirtualBox ($40,000), Apple macOS ($40,000), Windows 11 ($30,000), and Ubuntu (two bugs, two $30,000 prizes) were also rewarded.
The first day of the contest ended with 12 zero-days being disclosed and $375,000 in cash and a car awarded in prizes.
The highest prize of the second day ($150,000) was once again earned for a Tesla hack, once again by the Synacktiv team. The exploit qualified for a Tier 2 award and the team earned $250,000.
Synacktiv emerged as the winner of Pwn2Own Vancouver 2023, earning a total of $530,000 and a car over the course of the three-day event.
VirtualBox was hacked twice on the second day of the competition, for $80,000 and $40,000 prizes, respectively. Microsoft Teams ($75,000) and Ubuntu ($30,000) were also hacked.
The second day ended with $475,000 awarded for 10 unique zero-days.
The STAR Labs team earned the highest prizes on the third day of the competition, one for a VMware Workstation exploit ($80,000) and another for a Microsoft Teams exploit ($75,000).
On the same day, three prizes of $30,000 were earned for Ubuntu hacks and another one for a Windows 11 exploit.
Related: Hackers Earn $180,000 for ICS Exploits at Pwn2Own Miami 2023
Related: Netgear Neutralizes Pwn2Own Exploits With Last-Minute Nighthawk Router Patches
Related: Pwn2Own Offers $100,000 for Home Office Hacking Scenario
More from Ionut Arghire
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
- Chrome 114 Released With 18 Security Fixes
- Spyware Found in Google Play Apps With Over 420 Million Downloads
- Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability
Latest News
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
- Apple Denies Helping US Government Hack Russian iPhones
- Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
