Pwn2Own 2022: Windows 11, Ubuntu, Firefox, Safari, Tesla and more hacked
The Pwn2Own hacking event took place from May 18-20, 2022. This year, security researchers successfully hacked Windows 11, Ubuntu, Firefox, Safari, Microsoft Teams, a Tesla and other targets during the three days of the event.
Pwn2Own is an annual event that brings together security researchers from around the world. On the occasion of the 15th anniversary of the event, 17 security researchers attempted to exploit 21 targets in several categories.
On the first day of the event, researchers managed to hack Microsoft Teams, Oracle VirtualBox, Mozilla Firefox, Microsoft Windows 11, Apple Safari, and Ubuntu Desktop. Microsoft Teams and Ubuntu Desktop were each successfully hacked by several teams. All attempts that day were successful.
On the second day, security researchers hacked the Tesla Model 3 infotainment system, Ubuntu Desktop, and Microsoft Windows 11. Ubuntu Desktop was successfully hacked twice. Two hacking attempts against Microsoft Windows 11 and Tesla failed that day.
On the third day, hackers managed to exploit Windows 11 and Ubuntu Desktop successfully. Researchers exploited Microsoft’s Windows 11 operating system three times during the day, with no unsuccessful attempts.
Mozilla has already released an update for the organization’s Firefox web browser. Firefox 100.0.2, Firefox ESR 91.9.1, Firefox for Android 100.3, and Thunderbird 91.9.1 are already available with fixes for the reported security vulnerability.
Here is an overview of successful Windows 11 hacks:
Marcin Wiązowski was able to perform an out-of-bounds write privilege escalation on Microsoft Windows 11, earning $40,000 and 4 Master of Pwn points, and praise on the Microsoft team white paper.
Phan Thanh Duy (@PTDuy) and Lê Hữu Quang Linh (@linhlhq) of STAR Labs won $40,000 and 4 Master of Pwn points for a Use-After-Free privilege escalation on Microsoft Windows 11.
T0 was able to successfully show an improper access control bug leading to elevation of privilege on Microsoft Windows 11 – earning $40,000 and 4 Master of Pwn points.
nghiadt12 from Viettel Cyber Security managed to show escalation of privilege via Integer Overflow on Microsoft Windows 11 – earning $40,000 and 4 Master of Pwn points.
vinhthp1712 successfully achieved elevation of privilege via improper access control on Microsoft Windows 11. vinhthp1712 wins $40,000 and 4 Master of Pwn points.
In the last contest attempt, Bruno PUJOS (@brunopujos) from REverse Tactics was successful in getting a privilege escalation via Use-After-Free on Microsoft Windows 11. Bruno wins $40,000 and 4 Master of Pwn points.
Microsoft is expected to release updates for Windows 11 in the coming weeks. A likely target is the June 2022 Patch Day, scheduled for June 14, 2022. The company may fix critical security issues sooner, as emergency updates can be released at any time.
Vendors whose products were attacked during the event “have 90 days to produce a patch” for the vulnerabilities discovered, according to the Zero Day Initiative website.
You can check out the full event preview here if you are interested in additional details on specific hacks or links to hacker profiles of security researchers who attended the event.