May 23, 2022 16:00:00

Windows 11 is hacked 6 times during the hacking competition, Tesla and Ubuntu are also prey

In the hacking contest '

Pwn2Own 2022 ' held from May 18th to May 20th, 2022, the security of Windows 11, Ubuntu, and Tesla car systems was broken one after another, and undiscovered vulnerabilities were revealed. It is reported that it was revealed one after another.

Zero Day Initiative — Pwn2Own Vancouver 2022 --The Results
https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results

Windows 11 hacked three more times on last day of Pwn2Own contest
https://www.bleepingcomputer.com/news/security/windows-11-hacked-three-more-times-on-last-day-of-pwn2own-contest/

'Pwn2Own' is a conference hosted by Trend Micro's vulnerability discovery community, Zero Day Initiative. Participants aim to win prizes in various categories such as browsers, servers, OS privilege promotion , and automobiles. I will challenge to identify. At this Pwn2Own Vancouver 2022 event in Vancouver, Canada, and online, 17 participating teams won a total of $ 1.155,000 in prize money.

We've wrapped # Pwn2Own Vancouver 2022 --the 15th anniversary of the contest. We awarded $ 1,155,000 for 25 unique 0-days. Join @MaliciousInput and @dustin_childs as they recap the event.

— Zero Day Initiative (@thezdi) May 20, 2022

On the first day of the three-day contest, two participating teams successfully hacked Windows 11. The first bug found was a privilege promotion bug found by Marcin Wiązowski that allows out-of-range writes in Windows 11, and the second is Phan Thanh Duy and Lê Hữu from Singapore security firm STAR Labs. An elevation of privilege that leads to a Use-After-Free attack found by Quang Linh. On the second day, a participant named T0 identified an improper access control bug that could lead to privilege escalation.

And on the third day, three people, including vinhthp1712, Vietnamese security company Viettel Cyber Security's nghiadt12, and French security company REverse Tactics' Bruno PUJOS, also succeeded in promoting privileges on Windows 11. Windows 11 has been found to be buggy six times during the three-day period. In addition, Ubuntu for desktop, which was the subject of privilege promotion along with Windows 11, has been identified as a vulnerability four times in three days.

In the automotive sector, on the second day, David BERARD and Vincent DEHORS, who entered from French security company Synacktiv, who calls themselves 'Ninja Dojo,' found two bugs in Tesla's Model 3. The actual Model 3 car, which was a prize in the past tournament, was not presented, but I got a prize of 75,000 dollars (about 9.55 million yen) that Model 3 can afford to buy.

The final result is as follows. The winner was STAR Labs, who won a total prize of 270,000 dollars (about 34.4 million yen) by identifying multiple bugs of Microsoft Teams in the general product category as well as defects of Windows 11. Hector Peralta, who found an important defect in Microsoft Teams, Hector Peralta, who was awarded a prize of 150,000 dollars (about 19 million yen), and a Japanese who found three bugs in Microsoft Teams Masato Kinugawa and Manfred Paul, who found a bug in Mozilla Firefox and Apple Safari in the browser category, ranked side by side. The result was that the aforementioned Synacktiv bite into 5th place.