PWN2OWN 2022 – Windows 11, MS Teams and Firefox Pwned on Day 1

Pwn2Own 2022 – Windows 11, MS Teams and Firefox Pwned on Day One

Other than Windows 11, Microsoft Teams browser, Mozilla Firefox, Oracle Virtualbox, Ubuntu Desktop and Safari were hacked on the first day of PWN2OWN 2022 in Vancouver.

Pwn2Own is a hacking contest where white hate hackers compete against each other and win thousands of dollars to discover unknown vulnerabilities in popular software/operating systems. On the first day of the 15th release of Pwn2Own, vulnerability researchers earned about $800,000.

According to the event organizer, Trend Micro’s Zero Day Initiative (ZDI), this was the above She won the one-day prize in this competition. All ten hacking attempts were successful. The competition will conclude on Friday.

It is worth noting that this is the second version of Pwn2Own in 2022. The first version was held in Miami and focused mainly on ICS. Participants received $400,000 for successful exploits.

Microsoft Teams takes advantage of “stealing” the offer

About $450,000 of the total awarded amount of $800,000 was earned by hackers who discovered vulnerabilities in Microsoft Teams. Hackers exploited sixteen zero-day vulnerabilities against Windows 11, MS Teams, Firefox, Ubuntu, Oracle VirtualBox, and Safari. Hackers will target teams again on the last day of Pwn2Own, Friday.

For MS Teams, $150,000 was awarded for each of the three exploit series that benefited Masato Kinugawa, Hector Peralta (p3rr0), and the STAR Labs team that includes Billy Jing Bing Jong, Muhammed Alifa Ramadan and Nguyen Huang Thoch.

According to the ZDI blog, Peralta showed an incorrect configuration. Kinugawa exploited a series of 3 bugs including sandbox escape, configuration, and injection, while the STAR Labs team took advantage of an arbitrary file writing and injecting bug using a zero-click remote code execution exploit on Oracle VirtualBox.

More Pwn and Bug Bounty news

  1. Bug Bonus: Hack Tesla Model 3 to win your own Model 3
  2. Hack the US Army forever with Hack The Army bug bounty program
  3. Microsoft Exchange, Teams, Zoom, Chrome server pwned into Pwn2Own
  4. Xiaomi, Amazon Echo, Sony and Samsung Smart TVs pwned at Pwn2Own
  5. iPhone 13 Pro, Windows, Chrome, Linux, etc. were launched in the Tianfu Cup

Other successful exploits

Manfred Paul won $100,000 for fixing a protection escape exploit in Mozilla Firefox, which included improper input validation and prototype contamination, and an additional $50,000 for writing out of range on Apple Safari.

Other hackers won $40,000 each for the rest of the hacks. This includes Marcin Wiązowski, who implemented an out-of-bounds write privilege escalation on MS Windows 11. The Orca team from Sea Security implemented two bugs on the Ubuntu desktop, Phan Thanh Duy from STAR Labs and Lê Hữu Quang Linh exploited MS Windows 11 using a use privilege escalation. -After-Free. Keith Yeo has made a Use-After-Free exploit on the Ubuntu Desktop.

On Thursday, the second day of Pwn2Own, researchers will hack a Tesla Model 3, and successful attempts will give them up to $600,000 plus a new Tesla.

Did you enjoy reading this article? Do you like our page on Facebook and follow us Twitter.

#Pwn2Own #Windows #Teams #Firefox #Pwned #Day

Leave a Comment

Your email address will not be published.