Apple Safari, Windows 11, Teams and Ubuntu all hacked At PWN2OWN 2022 | #firefox | #chrome | #microsoftedge

Ethical hackers, the security researchers who choose to put their undoubted skills to good use by uncovering previously unknown vulnerabilities, have showcased their talent this week at PWN2OWN Vancouver. In its 15th anniversary year, the elite hacking event created by the Trend Micro Zero Day Initiative (ZDI) pays big bounties to those who reveal zero-days impacting the most prominent of vendors. Remember, hackers are not criminals, and hacking is not a crime when talking about people finding and responsibly disclosing such vulnerabilities.

MORE FROM FORBESApple 0-Day Security Warning For Mac, TV, Watch Users-Attacks Maybe Underway

Day one of PWN2OWN Vancouver 2022 breaks products, and records

Day one of PWN2OWN Vancouver 2022 is now complete, and 16 such zero-days were demonstrated. This is a record number for the hacking contest, earning the hackers involved an equally impressive $800,000. What’s more, all 16 zero-day hack attempts from day one were successful.

The PWN2OWN event takes place over three days, ending on Friday, May 20. I will be sure to update this story as and when other significant results are known, with a likely round-up on Saturday. Here are the headline hacks from day one.

Microsoft Windows 11 and Microsoft Teams, hacked

Hackers from the Singapore-based Star Labs team demonstrated a zero-click zero-day exploit targeting Microsoft Teams that earned $150,000. The same team also revealed an escalation of privilege zero-day impacting Windows 11 and were rewarded with a further $40,000 for their efforts.

Another hacker, Hector “p3rr0” Peralta, also succeeded where Microsoft Teams was concerned and won $150,000 for his effort, and Marcin Wiazowski got $40,000 for an escalation of privilege zero-day on Windows 11. Masato Kinugawa was also awarded $150,000 for a Microsoft Teams sandbox escape.

Apple Safari, Mozilla Firefox and Ubuntu Desktop, hacked

Meanwhile, Manfred Paul managed to hack both Apple Safari and Mozilla Firefox browsers for a total of $150,000 in prize money.

And finally, the Linux Ubuntu Desktop fell victim to Team Orca from Sea Security which won $40,000, and Keith Yeo, who received the same amount.

Why this list of zero-day exploits is good news for product security

This might sound like bad news from the security perspective, but actually, it’s far from it. Technical detail of all the hacks, including the vulnerabilities being exploited, are disclosed to the vendor concerned. Patches are then created and rolled out to users before more information is made publicly available. This is good security in action, working as it should.

MORE FROM FORBESCritical Microsoft Windows 10, 11 & Server Warning Issued As Attacks Underway

PWN2OWN Vancouver, 2022 day two: will the Tesla Model 3 get hacked?

What can we expect from day two of PWN2OWN Vancouver 2022? More of the same, in terms of successful zero-day hacks being demonstrated, I will hazard to predict. The difference is the addition of another big target in the hacking crosshairs: the Tesla Model 3. I’ll be back tomorrow, reporting on all the results that matter.




Original Source by [author_name]

Leave a Reply

Your email address will not be published.

+ thirty three = thirty four