Contestants win over $800,000 after Hacking Apple Safari and Microsoft Windows 11
Ethical hackers and Skilled Vulnerability Researchers won over $800,000 after hacking Apple Safari, Microsoft Teams and Windows 11 in the first day of the 2022 Pwn2Own contest. The Pwn2Own Vancouver is a computer hacking contest which is held annually. It is held to give hackers an opportunity to put their skills to good use.
All ten hacking attempts were successful and a total of 16 zero-day vulnerabilities were exploited against Teams, Oracle VirtualBox, FireFox, Windows 11, Apple Safari, Microsoft Teams and Ubuntu.
The organizers of the contest, Trend Micro’s Zero Day Initiative(ZDI) said that is the highest amount that has ever been rewarded to participants in a single day. Hacking is not a criminal act and it oftens depends on the hackers intentions. The contest is benefiting as the hackers disclose information on such vulnerabilities.
Contestants win $150,000 After Hacking Apple Safari
Microsoft Teams exploit had the highest bounty of $150,000. It was the first to fall after Hector “p3rr0” Peralta exploited an improper configuration flaw. Masato Kinugawa also benefited from Microsoft Teams, he was rewarded $150,000 for exploiting a 3-bug chain of injection, misconfiguration and sandbox escape.
Hackers from the Singapore-based Star Labs team demonstrated a zero-click exploit chain of two bugs(injection and arbitrary file write) and was rewarded $150,000. The team also earned an extra $40,000 for elevating privileges on a system running escalation using a Use-After-Free-Weakness and for achieving privilege escalation on VirtualBox.
Another contestant, Manfred Paul, was able to hack both Apple Safari and the Mozilla Firefox browser to earn $150,000 total prize money. Other hackers, Marcin Wiazowski, Team Orca of Sea Security and Keith Yeo demonstrated more zero days in Windows 11 and Ubuntu Desktop and earned $40,000 each.
The rankings of the Pwn2Own Vancouver 2022 contest has Star labs in top spot with $230,000 and 23 points earned in the contest so far. Hector “p3rr0” Peralta, Masato Kinugawa and Manfred Paul in third and fourth place respectively with $150,000 and 15 points each in the contest and fifth place, Teams Tied with $40,000 and 4 points.
Contest rankings will be updated as the event continues. Security researchers will target products in web browsers, virtualization, Local Escalation of Privilege, servers, enterprise communications and automotive categories.
