Pwn2Own 2022: Windows 11, Ubuntu, Firefox, Safari, Tesla and more hacked
The hacking event Pwn2Own took place from May 18 to May 20 of 2022. This year, security researchers managed to hack Windows 11 and Ubuntu, Firefox, Safari, Microsoft Teams, a Tesla and other targets successfully during the three days of the event.
Pwn2Own is a yearly event that brings together security researchers from all over the world. On the 15th anniversary of the event, 17 security researchers attempted to exploit 21 targets across multiple categories.
On day 1 of the event, researchers managed to hack Microsoft Teams, Oracle VirtualBox, Mozilla Firefox, Microsoft Windows 11, Apple Safari, and Ubuntu Desktop. Microsoft Teams and Ubuntu Desktop were hacked successfully multiple times during the day. All attempts were successful on the day.
On day 2, security researchers hacked the Tesla Model 3 Infotainment System, Ubuntu Desktop and Microsoft Windows 11. Ubuntu Desktop was hacked twice successfully. Two hacking attempts against Microsoft Windows 11 and Tesla failed on that day.
On day 3, hackers managed to exploit Windows 11 and Ubuntu Desktop successfully. Researchers exploited Microsoft's Windows 11 operating system thrice on the day, with no failed attempts.
Mozilla has already released an update for its Firefox web browser. Firefox 100.0.2, Firefox ESR 91.9.1, Firefox for Android 100.3, and Thunderbird 91.9.1 are available with patches for the reported security vulnerability.
Here is an overview of the successful Windows 11 hacks:
Marcin Wiązowski was able to execute an out-of-bounds write escalation of privilege on Microsoft Windows 11, earning $40,000 and 4 Master of Pwn points, and high praise on the accompanying whitepaper from the Microsoft team.
Phan Thanh Duy (@PTDuy) and Lê Hữu Quang Linh (@linhlhq) of STAR Labs earned $40K and 4 Master of Pwn points for a Use-After-Free elevation of privilege on Microsoft Windows 11.
T0 was able to successfully show an improper access control bug leading to elevation of privilege on Microsoft Windows 11 - earning $40,000 and 4 Master of Pwn points.
nghiadt12 from Viettel Cyber Security was able to successfully show an escalation of privilege via Integer Overflow on Microsoft Windows 11 - earning $40,000 and 4 Master of Pwn points.
vinhthp1712 successfully achieved Elevation of Privilege via Improper Access Control on Microsoft Windows 11. vinhthp1712 earns $40,000 and 4 Master of Pwn points.
On the final attempt of the competition, Bruno PUJOS (@brunopujos) from REverse Tactics successfully achieved Elevation of Privilege via Use-After-Free on Microsoft Windows 11. Bruno earns $40,000 and 4 Master of Pwn points.
Microsoft is expected to release updates for Windows 11 in the coming weeks. A likely target is the June 2022 Patch Day, which is scheduled for June 14, 2022. Critical security issues may be patched earlier by the company, as emergency updates may be released to address issues at any time.
Vendors whose products were attacked during the event "have 90 days to produce a fix" for discovered vulnerabilities, according to the Zero Day Initiative website.
You may check out the full overview of the event here if you are interested in additional details on specific hacks or links to the hacker profiles of security researchers who participated in the event.