On the last day of the Pwn2Own contest, Windows 11 was hacked three more times
On the third and final day of the 2022 Pwn2Own Vancouver Hacking Competition, security researchers successfully hacked Microsoft’s Windows 11 operating system three more times using zero-day exploitation.
The first attempt of the day to target Microsoft teams failed because Team DoubleDragon could not demonstrate their exploitation in the allotted time.
All other competitors hacked their targets, earning 11 160,000 after removing Windows 11 three times and Ubuntu Desktop once.
On the third day of Pwn2Own the privilege was nghiadt12 from Vital Viber Cybersecurity, the first to demonstrate zero-day (through integer overflow) Windows 11 escalation.
Bruno Pujos from Reverse Tactics and vinhthp1712 have extended privileges on Windows 11 using use-after-free and improper access control vulnerabilities, respectively.
Last but not least, Billy Zheng Bing-Zhong of STAR Labs hacked a system running on Ubuntu desktop using use-after-free exploitation.
Pwn2Own 2022 Vancouver 17 contestants earned a total of $ 1,155,000 for zero-day exploitation and exploitation chains in three days after 21 attempts, between May 18 and May 20.
On the first day of Pwn2Own, hackers won $ 800,000 by successfully using 16 zero-day bugs to hack several products, including Microsoft’s Windows 11 operating system and team communication platforms, Ubuntu Desktop, Apple Safari, Oracle Virtualbox and Mozilla Firefox.
The next day, the contestants earned $ 195,000 by pointing out flaws in the Telsa Model 3 Infotainment System, Ubuntu Desktop and Microsoft Windows 11.
Security researchers demonstrated six exploits of Windows 11 during the competition, hacked the Ubuntu desktop four times, and demonstrated three Microsoft teams zero-day. He also reported several bugs in Apple Safari, Oracle Virtualbox and Mozilla Firefox.
After exploiting and reporting insecurity during Pwn2Own, vendors have 90 days to release security fixes until Trend Micro’s Zero Day Initiative publicly discloses it.
In April, hackers also earned $ 400,000 for 26 zero-day exploits targeting ICS and SCADA products displayed during the 2022 Pwn2Own Miami contest between April 19 and April 21.