Three participants used zero-day vulnerabilities to hack Microsoft’s most recent operating system on the third and last day of the 2022 Pwn2Own Vancouver hacking contest.
The first was contestant nghiadt12, a member of Viettel Cyber Security, who exploited a Windows 11 escalation-of-privilege vulnerability through an integer overflow. The second and third were Bruno Pujos and vnhthp1712 from REverse Tactics, who used use-after-free and improper access control vulnerabilities to escalate privileges on the target endpoint.
Hacking a car
Apart from the three successful attempts, there was also a failed attempt by Team DoubleDragon, which could not demonstrate its exploit within the allotted time.
Ubuntu Desktop was also successfully hacked once, by STAR Labs’ Billy Jheng Bing-Jhong, who used a use-after-free exploit in the attack.
Over the course of Pwn2Own 2022, 17 contestants hacked Windows 11 multiple times, along with Ubuntu Desktop, Apple Safari, Oracle VirtualBox, and Mozilla Firefox.
Since 2019 the competition has included an entirely new category, automotive infotainment and entertainment systems. This year, the technology inside the Tesla Model 3 was hacked. According to reports, the group Synacktiv demonstrated a sandbox escape attack against the infotainment system, allowing the attacker to control the car's built-in computer.
The group was awarded $75,000 for the issue. However, it was also stated that the bug could be used to launch second-stage attacks with malware that can be more destructive and may even enable complete device takeover. In total, hacking a Tesla Model 3 earns the user $600,000 and the vehicle itself, Kurritu.org stated.
More than a million dollars has been awarded for the successful hacks, and vendors now have 90 days to address the problems. If they miss that deadline, the Trend Micro Zero Day Initiative will publicly disclose the vulnerabilities.