Ethical hackers, security researchers who decide to put their undeniable skills to smart use into practice by discovering vulnerabilities unknown in the past, showed their skill this week at PWN2OWN Vancouver. On the occasion of its 15th anniversary, trend’s elite piracy event The Micro Zero Day (ZDI) initiative will pay large bonuses to those who disclose zero days that affect peak vital suppliers. Remember that hackers are not criminals and hacking is not a crime when it comes to responsibly locating and disclosing such vulnerabilities.
The first day of PWN2OWN Vancouver 2022 is already over, and 16 0 days of this have been demonstrated. That’s a record number for the hacking contest, which earned interested pirates the equally impressive sum of $800,000. In addition, the 16 0 days of piracy The attempts of the first day were successful.
The PWN2OWN event takes place over three days and ends on Friday, May 20. I’ll be sure to update this story as the most significant effects become known, with a summary probably on Saturday. These are the main tricks of the first day.
Hackers from the Singapore-based Star Labs team demonstrated a zero-day exploit targeting Microsoft teams that generated $150,000. The same team also revealed a zero-day privilege escalation affecting Windows 11 and was rewarded with an additional $40,000 for its efforts.
Another hacker, Hector “p3rr0” Peralta, was also successful when he came to Microsoft Teams and earned $150,000 for his efforts, and Marcin Wiazowski received $40,000 for zero-day elevation of privilege in Windows 11. Masato Kinugawa also won $150,000 for Microsoft Teams escape from the sandbox.
Meanwhile, Manfred Paul managed to hijack the Apple Safari and Mozilla Firefox browsers for a total of $150,000 in prizes.
And finally, the Linux Ubuntu desktop fell victim to Sea Security’s Orca, which earned $40,000, and Keith Yeo, who earned the same amount.
This would possibly seem like bad news from a security perspective, but in reality, it’s far from the case. The main technical points of all hacks, adding the exploited vulnerabilities, are revealed to the corresponding provider. The patches are then created and deployed for users. before more data is made public. It’s smart security in action, which works as it should.
What can we expect from the day of the moment of PWN2OWN Vancouver 2022?More of the same, in terms of the good fortune of the zero-day hacks demonstrated, I will venture to predict. The difference is the addition of some other big target in the hack line of sight: the Tesla Model 3. I will share with you again all the effects that matter.