Security researchers successfully demonstrated Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains on the first day of Pwn2Own Vancouver 2023.
The event allows researchers to demonstrate previously unknown security vulnerabilities and compete for cash and prizes.
Adobe Reader, Microsoft’s SharePoint team collaboration platform, Ubuntu Desktop, Tesla Gateway, Apple macOS, and Oracle VirtualBox all fell to the exploits. The successful demonstrations of the zero-day vulnerabilities highlight the need for vendors to quickly release security fixes before Trend Micro’s Zero Day Initiative discloses the flaws publicly.
The Pwn2Own Vancouver 2023 contest covers enterprise applications, enterprise communications, local escalation of privilege, server, virtualization, and automotive categories. Over the course of the event, contestants can earn up to $1,080,000 in cash and prizes, including a Tesla Model 3 car.
On the second day, researchers will focus on zero-day exploits targeting Microsoft Teams, Oracle VirtualBox, the Tesla Model 3 Infotainment Unconfined Root, and Ubuntu Desktop.
On the last day, they will set their sights on Ubuntu Desktop, Microsoft Teams, Windows 11, and VMware Workstation.
Last year’s Vancouver Pwn2Own contest saw researchers earn $1,155,000.
The event resulted in the disclosure of several zero-day vulnerabilities in Apple Safari, Oracle Virtualbox, and Mozilla Firefox. Additionally, the Tesla Model 3 Infotainment System was hacked.
Once zero-day vulnerabilities are demonstrated and disclosed, vendors have 90 days to create and release security fixes for all reported flaws before they are publicly disclosed by the Zero Day Initiative.
