Pwn2Own Vancouver 2024: A Day Full of Zero-Day Exploits and Big Wins
The highly anticipated Pwn2Own Vancouver 2024 competition kicked off with a bang as contestants demonstrated their skills and expertise in hacking. Among the top contenders were Haboob SA, Synacktiv, Theori, Reverse Tactics, and Manfred Paul, who all walked away with hefty cash prizes and even a Tesla Model 3 car.
macOS, Tesla, and Ubuntu Linux Vulnerabilities Exploited
The day began with Abdul Aziz Hariri from Haboob SA showcasing his impressive abilities by using an Adobe Reader exploit on macOS. This combination of API bypass and command injection earned him a cool $50,000. But the real showstopper was Synacktiv’s hack of the Tesla ECU, winning them $200,000 and, of course, the Tesla Model 3. In just under 30 seconds, they were able to use an integer overflow to exploit the Tesla Vehicle (VEH) CAN BUS Control. Theori security researchers Gwangun Jung and Junoh Lee also made a splash by escaping a VMware Workstation VM and gaining code execution on the host Windows OS, earning them $130,000.
Oracle VirtualBox and Windows Vulnerabilities Also Exposed
Team Reverse Tactics, consisting of Bruno PUJOS and Corentin BAYET, collected $90,000 after successfully exploiting two Oracle VirtualBox bugs and a Windows use-after-free (UAF) vulnerability. And for the grand finale of the first day, Manfred Paul wowed the crowd by hacking not one, not two, but three popular web browsers – Apple Safari, Google Chrome, and Microsoft Edge – and earning himself $102,500.
Other Impressive Attempts
While these were the big winners of the day, there were also other notable attempts from competitors. DEVCORE Research Team earned $30,000 for a successful privilege escalation on Windows 11 using two bugs, including a TOCTOU (time-of-check to time-of-use) race condition. They also demonstrated an already-known exploit for Ubuntu Linux and were awarded an additional $10,000. The KAIST Hacking Lab’s Seunghyun Lee successfully exploited Google Chrome using a use-after-free vulnerability, netting a cool $60,000. ASU SEFCOM’s Kyle Zeng also targeted Ubuntu Linux with a race condition exploit and earned $20,000, while Cody Gallagher and Dungdm both won $20,000 for separate exploits on Oracle VirtualBox.
More Exciting Hacks to Come
The competition will continue on the second day as security researchers set their sights on more popular products and software, such as Windows 11, VMware Workstation, Oracle VirtualBox, Mozilla Firefox, Ubuntu Desktop, Google Chrome, Docker Desktop, and Microsoft Edge. With more than $1,300,000 in cash and prizes up for grabs, including the coveted Tesla Model 3, the hackers have plenty of motivation to showcase their talents.
Setting a New Standard for Impressive Hacks
Pwn2Own Vancouver 2024 is not just a competition for bragging rights and cash prizes. It also sets a new standard for impressive exploits and vulnerability disclosures. After the zero-day vulnerabilities are demonstrated, vendors have 90 days to create and release security patches before the vulnerabilities are publicly disclosed by Trend Micro’s Zero Day Initiative. This event not only pushes the boundaries of hacking but also highlights the importance of timely and thorough patching and updates.
Join the Ranks of Pwn2Own Winners
If you’re a highly skilled security researcher or hacker, Pwn2Own Vancouver 2024 is the ultimate test of your abilities. With a range of categories to target, from web browsers to enterprise applications to automotive, you have the chance to earn over $1,300,000 and potentially win a Tesla Model 3. Don’t miss your opportunity to join the ranks of past winners, such as Team Synacktiv, who raked in over $1 million during last year’s competition.