At the three-day Pwn2Own hacking contest held in Vancouver this week, vulnerabilities in Microsoft, Ubuntu and Tesla products were discovered and exploited one after another. The contest, organized by Trend Micro's Zero Day Initiative, gives hackers the chance to earn money by discovering and exploiting vulnerabilities in popular products from mainstream technology vendors.
By the end of the second day on Thursday, the contest had paid out $945,000 in rewards, including $75,000 to hackers from the offensive security company Synacktiv, who found two unique vulnerabilities in the Tesla Model 3 infotainment system. These vulnerabilities allow hackers to take over some of the car's systems. The Zero Day Initiative ultimately purchased a Tesla Model 3 to diagnose a vulnerability in Ethernet and disclose it to the carmaker.
Bien Pham, a security engineer at Sea Security Response, and a team from Northwestern University demonstrated two "use after free" privilege escalation vulnerabilities on Ubuntu Desktop. This type of vulnerability results from poor memory management in the application. Memory corruption vulnerabilities are often used to attack and exploit browsers.
On the third day of the competition, another use-after-free vulnerability was found in Ubuntu, along with additional Microsoft Windows 11 vulnerabilities.
On the first day of the event, 16 zero-day vulnerabilities were exploited in Ubuntu Desktop, Apple Safari, Oracle VirtualBox, Mozilla Firefox, and Microsoft's Windows 11 and Teams.
Those 16 zero-day exploits earned more than $800,000 in rewards.
This year marks the 15th anniversary of the competition. Seventeen contestants from dozens of cybersecurity companies competed against 21 different products. STAR Labs led with total winnings of $270,000 at the end of the second day.
Vendors have 90 days to fix all vulnerabilities disclosed during the competition.