
Pwn2Own 2022 confirms that there is no such thing as invulnerable software

  • May 23, 2022

Pwn2Own 2022 is the latest edition of the most important hacking competition on the planet. The event is held annually, and its goal is to find critical vulnerabilities in a controlled environment so that vendors can improve the security of their products before the flaws can be exploited.

To that end, the participants, who are among the best white-hat hackers on the planet and researchers from large security companies, undertake to hand over all their research privately and not to publish it for at least 90 days. In exchange, the competition, which is organized by Trend Micro's Zero Day Initiative, offers substantial prizes. These are considered a good investment given what it means to get ahead of what cybercrime might come up with, thereby strengthening the security of software and equipment.

Pwn2Own 2022: no one can resist

As in previous years, the list of compromised software is long, as is the list of targets (21 products in different categories), and neither open-source nor proprietary software was spared. Windows 11, Microsoft Teams, Oracle VirtualBox, Mozilla Firefox, Apple Safari, Ubuntu Desktop and Tesla cars were all successfully hacked by various teams during the three days of the event.

Windows 11, the latest Microsoft operating system, was one of the researchers' preferred targets and fell to six successful exploits, including three zero-day vulnerabilities. Among the most interesting were privilege escalations using integer overflow techniques and others using use-after-free attacks, which exploit memory-addressing errors to cause denial of service and code execution, thus achieving complete control of the machine.

The same exploit was used by two groups to hack into an Ubuntu Desktop system. This is a well-documented attack that exploits vulnerabilities in the way applications manage memory. Three zero-days in the Microsoft Teams communications platform and various vulnerabilities in the Apple Safari and Mozilla Firefox browsers and the Oracle VirtualBox virtualization software were also revealed.

The infotainment system of the Tesla 3 was also compromised. The car category premiered at Pwn2Own 2019, as it was considered an important segment given the rise of smart and autonomous cars. At the time, a researcher used a JIT bug in the web browser's renderer process to run code in the car's firmware and display a message on its infotainment system. He took home the car that Tesla had donated as a prize.

In total, Pwn2Own 2022 awarded prizes of $1.2 million. Now that the vulnerabilities have been exploited and detected in a controlled manner, the software and hardware vendors have 90 days to issue security patches for all reported vulnerabilities.

More information about Pwn2Own 2022 | Zero Day Initiative

Source: Muy Computer
