Connect with us

Hi, what are you looking for?

Cyber Security

Windows 11 hacked three more times on last day of Pwn2Own contest

On the third and last day of the 2022 Pwn2Own Vancouver hacking contest, security researchers successfully hacked Microsoft’s Windows 11 operating system three more times using zero-day exploits.

The first attempt of the day targeting Microsoft Teams failed after Team DoubleDragon could not demo their exploit within the allotted time.

All other contestants hacked their targets, earning $160,000 after taking down Windows 11 three times and Ubuntu Desktop once.

The first to demonstrate a Windows 11 escalation of privilege zero-day (via Integer Overflow) on the third day of Pwn2Own was nghiadt12 from Viettel Cyber Security.

Bruno Pujos from REverse Tactics and vinhthp1712 also escalated privileges on Windows 11 using Use-After-Free and Improper Access Control vulnerabilities, respectively.

Last but not least, STAR Labs’ Billy Jheng Bing-Jhong hacked a system running Ubuntu Desktop using a Use-After-Free exploit.

Windows 11 EOP via Integer Overflow
Windows 11 EOP via Integer Overflow demoed by nghiadt12 (ZDI)

Pwn2Own 2022 Vancouver ended with 17 competitors earning a total of $1,155,000 for zero-day exploits and exploits chains demoed over three days after 21 attempts, between May 18 and May 20.

On the first day of Pwn2Own, hackers won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft’s Windows 11 operating system and the Teams communication platform, Ubuntu Desktop, Apple Safari, Oracle Virtualbox, and Mozilla Firefox.

On second day, contestants earned $195,000 after demoing flaws in the Telsa Model 3 Infotainment System, Ubuntu Desktop, and Microsoft Windows 11.

Security researchers demonstrated six Windows 11 exploits during the contest, hacked Ubuntu Desktop four times, and demoed three Microsoft Teams zero-days. They also reported several flaws in Apple Safari, Oracle Virtualbox, and Mozilla Firefox.

After vulnerabilities are exploited and reported during Pwn2Own, vendors have 90 days to release security fixes until Trend Micro’s Zero Day Initiative publicly discloses them.

In April, hackers also earned $400,000 for 26 zero-day exploits targeting ICS and SCADA products demoed during the 2022 Pwn2Own Miami contest between April 19 and April 21.

Source: https://www.bleepingcomputer.com/news/security/windows-11-hacked-three-more-times-on-last-day-of-pwn2own-contest/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The cyberattack that ultimately led to the breach of several U.S. officials’ email accounts was the result of a China-based threat actor accessing a...

Cyber Security

Actors linked to adversarial nations — namely China and Russia — worked across platforms to push inaccurate content, according to a report released Tuesday....

Cyber Security

The cybercrime group evaded remediation efforts by installing persistent backdoors and deploying “new and novel malware.” A Chinese-linked hacking group that security researchers say...

Cyber Security

Media and frequent innovative releases aggressively fuel the rapid industry rise of generative AI (Artificial Intelligence) ChatGPT.  But, besides its innovative part, cybercriminals have...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO