Pwn2Own 2023 is the new edition of the most important hacking competition in the world. Held annually in Vancouver, its goal is the same as its creation: find critical vulnerabilities in a controlled environment for providers to improve the security of their developments before they can be exploited.

To this end, participants agree to provide all research privately and non-publicly for a minimum of 90 days. In return, companies are giving away juicy prizes in a contest hosted by Trend Micro’s Zero Day Initiative. Good investment considering that the event is attended by the best white hat hackers on the planet and top security researchers who anticipate what may come from cybercrime, strengthening the security of software, devices and ultimately the lives of virtually all of us.

Pwn2Own 2023, nothing can resist

If in its beginnings the event was limited to the security of operating systems and their web browsers, today it includes other important categories such as virtualization, servers, applications and business communication, as well as the automotive category, which started with Teslas as protagonists and which in this edition returned because of the importance that autonomous driving and the connected car will assume in the future.

As a premiere for this year, the macOS system was added in the Local Privilege Escalation category and DNS (necessary for the operation of the Internet and cloud computing) in the server category.

This year’s edition was no different from the previous ones and practically did not withstand any type of software. The contestants revealed 27 Critical zero-day failures (unknown security flaws with no patch) and won a total of just over a million dollars and a Tesla Model 3.

The main test operating systems were hacked on the first day, Windows 11, macOS and Ubuntu Desktop. Also compromised was the infotainment system of the aforementioned Tesla Model 3 (a win for the car itself), a string of zero-day exploits targeting Microsoft SharePoint, a successful attack on Adobe Reader, and others against Oracle’s VirtualBox virtual machine.

Virtualization is a very important technique in today’s computers, and the giant VMware returned to the event as a sponsor. The WMware Workstation software was hacked on the last day of the competition, as was the fully patched Windows 11 and Ubuntu Desktop, which was compromised by three different teams. Note that the Synacktiv team has been declared as Master PWN winning by a lot, over half a million dollars and a Tesla Model 3 car.

Pwn2Own 2023 will publish all discovered bugs after 90 days and regardless of patch status. A reasonable deadline for solving vulnerabilities, which at the same time obliges the software provider to a certain extent. This type of competition is always interesting great hackers show their level and help improve computer security.