This year's Pwn2Own software vulnerability exploitation competition was immensely successful, with security researchers earning a remarkable $1 million in prizes within three days.
On the first day of the competition, the highest reward was earned for a TOCTOU (time-of-check to time-of-use) race condition exploit used to take full control of a Tesla vehicle. Researchers at French offensive security firm Synacktiv were rewarded with a $100,000 cash prize and ownership of a Tesla Model 3 car. A two-bug chain against Microsoft SharePoint and a six-bug logic chain targeting Adobe Reader earned hackers $100,000 and $50,000 prizes, respectively. Vulnerabilities in Oracle VirtualBox ($40,000), Apple macOS ($40,000), Windows 11 ($30,000), and Ubuntu (two bugs, two $30,000 prizes) were also rewarded. At the end of the first day, 12 zero-days had been disclosed, and $375,000 in cash and a car had been awarded in prizes.
The second day of the contest saw Synacktiv as the winner, pocketing a total of $530,000 and a car. Their highest prize of the day ($150,000) was once again earned for a Tesla hack. VirtualBox was hacked twice for $80,000 and $40,000 prizes, respectively. Microsoft Teams ($75,000) and Ubuntu ($30,000) were also successfully exploited. $475,000 was awarded for 10 unique zero-days at the end of the second day.
The third day of the competition saw the STAR Labs team earn the highest prizes ($80,000 and $75,000 for VMware Workstation and Microsoft Teams exploits, respectively). Three $30,000 prizes were awarded for Ubuntu hacks and another one for a Windows 11 exploit. At the end of the three-day event, a total of $1 million in prizes was awarded.
In conclusion, this year’s Pwn2Own software exploitation contest was a great success, with security researchers banking an impressive $1 million in prizes over the course of three days. Synacktiv emerged as the ultimate winner, earning a total of $530,000 and a car. Alongside the Tesla hacks, which earned the highest rewards, vulnerabilities in Oracle VirtualBox, Apple macOS, Windows 11, and Ubuntu were also successfully exploited.
Key Points:
- Security researchers earned $1 million in prizes over the course of three days at this year’s Pwn2Own software exploitation contest.
- The highest reward on the first day of the contest was earned for a TOCTOU (time-of-check to time-of-use) race condition exploit used to take full control of a Tesla vehicle.
- Synacktiv emerged as the winner of Pwn2Own Vancouver 2023, earning a total of $530,000 and a car.
- Vulnerabilities in Oracle VirtualBox, Apple macOS, Windows 11, and Ubuntu were also successfully exploited.