July 2, 2022

The contestants who successfully exploited 16 zero-day bugs in 16 different products on the first day of Pwn2Own Vancouver 2022 received more than $800,000 in prize money.

The products include:

  • Microsoft Windows 11 (OS)
  • Microsoft Teams (communication platform)

First Day: Microsoft Teams and Windows 11 Hacked

In the enterprise communications category, Microsoft Teams was the first victim of an improper configuration flaw exploited by Hector Peralta.

The members of the STAR Labs team, Billy Jheng Bing-Jhong, Muhammad Alifa Ramdhan, and Nguyễn Hoàng Thạch, demonstrated a zero-click exploit chain that contains 2 bugs, which are listed below:

  • Injection
  • Arbitrary file write

This is the third time that Microsoft Teams was compromised by Masato Kinugawa, and this time he exploited three bugs of injection, misconfiguration, and sandbox escape in order to hack the system.

For the successful demonstration of their Microsoft Teams zero-day vulnerabilities, the three hackers received a share of $150,000 and 15 Master of Pwn points.

Additionally, STAR Labs was able to earn an extra $40,000. This was earned by using a Use-After-Free vulnerability to escalate privileges on a Windows 11 operating system.

By gaining access to Oracle VirtualBox's privilege escalation system, the team again earned a further $40,000 reward.

To hack the Mozilla Firefox web browser, Manfred Paul (@_manfp) successfully demonstrated the exploitation of two bugs:

  • Prototype pollution
  • Improper input validation

By exploiting the above two bugs in the Mozilla Firefox web browser, he earned $100,000 and 10 Master of Pwn points.

Apart from the Mozilla Firefox browser, Manfred Paul also successfully demonstrated the exploitation of a bug in Apple Safari, and by compromising the Apple Safari web browser, he earned a hefty reward of $150,000.

Below is the bug that was exploited in Apple Safari:

During a test run of Microsoft Windows 11 on a workstation, Marcin Wiązowski exploited an out-of-bounds write privilege escalation vulnerability.

This earned him a tidy sum of $40,000 and 4 Master of Pwn points for his efforts, along with a high rating from the Microsoft team for writing the accompanying whitepaper.

Two bugs were exploited on the Ubuntu desktop by Sea Security's Team Orca. Below are the two bugs that were exploited, which earned the team $40,000 along with 4 Master of Pwn points:

  • An Out-of-Bounds Write (OOBW)
  • Use-After-Free (UAF)

The first day of the contest is over, which means the next updates will be up soon, and we will keep you updated on all the upcoming events of the contest.
