The Pwn2Own hacking event took place from May 18 to May 20, 2022. This year, security researchers were able to successfully hack Windows 11, Ubuntu, Firefox, Safari, Microsoft Teams, Tesla and other targets during the three days of the event.
Pwn2Own is an annual event that brings together security researchers from all over the world. On the 15th anniversary of the event, 17 security researchers attempted to exploit 21 targets across multiple categories.
On the first day of the event, researchers were able to hack Microsoft Teams, Oracle VirtualBox, Mozilla Firefox, Microsoft Windows 11, Apple Safari, and Ubuntu Desktop. Microsoft Teams and Ubuntu Desktop were each successfully hacked by multiple teams during the day. All attempts were successful that day.
On the second day, security researchers hacked the Tesla Model 3 Infotainment System, Ubuntu Desktop and Microsoft Windows 11. Ubuntu Desktop was hacked twice successfully. Two hacking attempts against Microsoft Windows 11 and Tesla that day failed.
On the third day, hackers managed to successfully exploit Windows 11 and Ubuntu Desktop. The researchers hacked Microsoft Windows 11 three times that day, without any failed attempts.
Mozilla has already released an update for its enterprise Firefox web browser. Firefox 100.0.2, Firefox ESR 91.9.1, Firefox for Android 100.3, and Thunderbird 91.9.1 are already available with patches for the reported vulnerability.
Here is an overview of successful hacks for Windows 11:
Marcin Wiązowski managed to execute an out-of-bounds write privilege escalation on Microsoft Windows 11, earning $40,000 and 4 Master of Pwn points, and high praise for the accompanying white paper from the Microsoft team.
Phan Thanh Duy (PTDuy) and Lê Hữu Quang Linh (linhlhq) from STAR Labs earned $40K and 4 Master of Pwn points for a Use-After-Free privilege escalation on Microsoft Windows 11.
T0 successfully demonstrated an improper access control bug leading to privilege escalation on Microsoft Windows 11, earning $40,000 and 4 Master of Pwn points.
nghiadt12 from Viettel Cyber Security was able to successfully demonstrate privilege escalation via Integer Overflow on Microsoft Windows 11 – earning $40,000 and 4 Master of Pwn points.
vinhthp1712 successfully achieved privilege escalation via improper access control on Microsoft Windows 11, earning $40,000 and 4 Master of Pwn points.
In the last attempt of the competition, Bruno PUJOS (brunopujos) from REverse Tactics successfully achieved privilege escalation via Use-After-Free on Microsoft Windows 11. Bruno earned $40,000 and 4 Master of Pwn points.
Microsoft is expected to release updates for Windows 11 in the coming weeks. It will likely be the June 2022 Patch Day, which is scheduled for June 14, 2022. Critical security issues may be patched earlier by the company, as emergency updates may be released to address the issues at any time.
According to the Zero Day Initiative, vendors whose products were attacked during the event “have 90 days to fix the vulnerabilities discovered.”
You can check out the full overview of the event here if you are interested in additional details about specific hacks or links to the hacker profiles of security researchers who participated in the event.