Hacking contest Pwn2Own: Ubuntu, Tesla, macOs and Windows 11 cracked

Martin Brinkmann
Mar 24, 2023
Updated • Mar 25, 2023
Security
|
12

It is the third day of the PWN2OWN VANCOUVER 2023 hacking contest. So far, security researchers managed to crack the operating systems Ubuntu, macOS and Windows 11, and other products, including Tesla cars and Adobe Reader.

Security researchers who managed to hack their targets win prize money and the hacked devices, even if it is a Tesla.

Six of the eight hacks on day one were successful, a seventh was also successful, but it used an exploit that was known previously. Only one attempt failed to hack the target in time.

Here is the day one overview:

  • AbdulAziz Hariri of Haboob SA used a 6-bug logic chain exploiting multiple failed patches against Adobe Reader to escape the application's sandbox and bypass a banned API list.
  • STAR Labs hacked Microsoft SharePoint successfully, using a 2-bug chain attack.
  • Bien Pham from Qrious Security exploited Oracle VirtualBox successfully using an OOB Read and a stacked-based buffer overflow.
  • Synacktiv successfully hacked a Tesla Model 3. They executed a TOCTOU (Time-of-Check-to-Time-of-Use) attack against Tesla – Gateway.
  • Marcin Wi?zowski managed to elevate privileges on Microsoft's Windows 11 operating system using an improper input validation bug.
  • Synacktiv was able to escalate privileges on Apple macOS using a TOCTOU bug.
  • STAR Labs used an already known exploit to successfully hack Ubuntu Desktop.
  • last_minute_pwnie fafiled to get an Ubuntu exploit working.

A total prize money of $375,000 was awarded to the successful researchers and teams. The Tesla Model 3 changed owner as well.

On day two, security researchers managed to hack Oracle VirtualBox, Microsoft Teams, another Tesla, and Ubuntu Desktop.

Here is the day two overview:

  • Thomas Imbert  and Thomas Bouzerar  from Synacktiv used a 3-bug chain against Oracle VirtualBox with a Host EoP.
  • Team Viettel hacked Microsoft Teams successfully using a 2-bug chain.
  • David Berard and Vincent Dehors from Synacktiv managed to get an exploit working that gave them unconfined root access in a Tesla. They used heap overflow and an OOB write for that.
  • dungdm of Team Viettel exploited Oracle VirtualBox using an uninitialized variable and a UAF bug.
  • Tanguy Dubroca from Synacktiv managed to escalate privilege on Ubuntu Desktop using an incorrect pointer scaling.

The researchers received $475,000 in prize money on the second day.

Attacks against Ubuntu Desktop, Microsoft Teams, Microsoft Windows 11, and VMWare Workstation are planned for the third and final day of the hacking competition.

Additional information about the successful hacks and exploits have not been released to the public.  Companies whose products have been exploited will create security patches to protect their devices and applications from potential attacks targeting the bugs.

Expect security updates for all hacked products in the coming days and weeks.

Summary
Hacking contest Pwn2Own: Ubuntu, Tesla, macOs and Windows 11 cracked
Article Name
Hacking contest Pwn2Own: Ubuntu, Tesla, macOs and Windows 11 cracked
Description
Security researchers managed to crack Teslas, Windows 11, macOS, Ubuntu, VMWare and other products during the 2023 Vancouver Pwn2Own event.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. VioletMoon said on March 24, 2023 at 4:40 pm
    Reply

    price money? What is “price” money?

    Prize money? A spellchecker would okay “price,” unless it’s a contextual spellchecker.

    1. Anonymous said on March 24, 2023 at 8:24 pm
      Reply

      @Martin
      @VioletMooln is impolitely pointing out that ‘price money’ is grammatically incorrect in your article. He does not state that ‘prize money’ is the wording to use.

      1. Tom Hawack said on March 25, 2023 at 4:32 pm
        Reply

        Straightforward, not impolite. Perhaps as well comical, reminding me kids and their “Mommy [“Daddy” given it’s addresses to Martin!] he hit me, he’s bothering me, daddy!”

        I mean: hey! we occasionally have our share of impoliteness, true, rude, authentic impoliteness : nothing comparable :=)

      2. John G. said on March 25, 2023 at 2:59 pm
        Reply

        @Anonymous, I don’t see any impolitely speech at all.

  2. Nero said on March 24, 2023 at 4:33 pm
    Reply

    Only ChromeOS survived. Google knows how to build a secure OS.

    1. John G. said on March 24, 2023 at 11:07 pm
      Reply

      There are so few users of ChromeOS that it’s quite irrelevant to crack imho. :S

  3. John G. said on March 24, 2023 at 2:03 pm
    Reply

    Bad software everywhere. Modern engineers learn using ChatGPT. Or what else?

    1. ahnser said on March 24, 2023 at 2:49 pm
      Reply

      Sure. It is clearly the software. Because good software is – as we all know – impossible to hack… mate, get real!

      1. John G. said on March 24, 2023 at 11:05 pm
        Reply

        @ahnser good software is safer than bad software, and more secure. For example, Adobe Flash Plugin was clearly unsafe. Veracrypt is clearly a safe software. W11 updates are worst than MacOs ones. The words “impossible to hack” are yours, not mine.

  4. Someone said on March 24, 2023 at 1:42 pm
    Reply

    Tesla ?? LTT’s channels on YouTube, got hacked by an scammer !! Why those boys still going around, without Google blocks them !! I dont mean the real TESLA ! Just the other bounch of hackers, owning illegally the name “tesla” and “elon musk crypto news” !

    1. Hans said on March 24, 2023 at 2:48 pm
      Reply

      how is that relevant to the article?

      1. Someone said on March 25, 2023 at 12:20 am
        Reply

        you can now visit the latest post of gHacks about LTT’s channel hack, on 24/03, yesterday.
        And why people says “how is that relevant to the article?”. This is comment section, you remember ? Not forum topic.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.