Security Experts:

Connect with us

Hi, what are you looking for?


IoT Security

Over $1.1 Million Awarded at Pwn2Own Vancouver 2022 for 25 Zero-Day Vulnerabilities

Pwn2Own Vancouver 2022

Participants earned a total of more than $1.15 million at the Pwn2Own Vancouver 2022 hacking contest last week.

Pwn2Own Vancouver 2022

Participants earned a total of more than $1.15 million at the Pwn2Own Vancouver 2022 hacking contest last week.

According to Trend Micro’s Zero Day Initiative (ZDI), which organizes the event, rewards were paid out for 25 unique zero-day vulnerabilities that were used to target Tesla Model 3, Windows 11, Ubuntu, Microsoft Teams, Safari, Firefox and Oracle VirtualBox.

A majority of the money was earned on the first day, when researchers demonstrated exploits worth a total of $800,000, including three Microsoft Teams exploit chains that received $150,000 each.

Two teams targeted the Tesla Model 3, but only one of them, representing Synacktiv, was partially successful. The Synacktiv team earned $75,000 for an infotainment system hack, but their exploit leveraged a sandbox escape vulnerability that had already been known.

In the second attempt, a researcher failed to demonstrate their Tesla exploit, but ZDI still decided to acquire the details of the exploit and report them to the carmaker.

Researcher Manfred Paul was the only one to target Mozilla’s Firefox browser and the exploit earned him $100,000. Paul demonstrated his exploit on May 18, and on May 20 Mozilla already announced a Firefox update that should patch the vulnerabilities he disclosed at Pwn2Own. The researcher also earned $50,000 for a Safari hack.

Pwn2Own participants demonstrated six Windows 11 privilege escalation exploits, each worth $40,000. Four Ubuntu exploits and one VirtualBox exploit earned hackers the same amount.

This is the second Pwn2Own taking place this year. In April, at Pwn2Own Miami 2022, which focuses on industrial control systems (ICS), contestants earned a total of $400,000 for their exploits.

Related: Printers Hacked for First Time at Pwn2Own

Related: $1.9 Million Paid Out for Exploits at China’s Tianfu Cup Hacking Contest

Related: Serious Vulnerability Exploited at Hacking Contest Impacts Over 200 HP Printers

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.