Several bugs in Microsoft, Ubuntu and Tesla products were discovered and exploited at the three-day Pwn2Own hacking conference in Vancouver this week.
The conference, organized by Trend Micro’s Zero Day Initiative, gives hackers a chance to earn money in exchange for discovering and exploiting vulnerabilities in popular products.
By the end of the second day on Thursday, the conference had paid out $945,000 in rewards, including $75,000 to hackers with offensive security company Synacktiv for two unique bugs found in the Tesla Model 3 infotainment system.
The bugs allowed hackers to take control of certain car systems.
The Zero Day Initiative also ended up buying a vulnerability in the Tesla Model 3 Diagnostic Ethernet and disclosing it to the automaker.
A security engineer at Sea Security Response, Bien Pham, and a team from Northwestern University demonstrated two “use after free” elevation of privilege vulnerabilities in Ubuntu workstations. Use-after-free bugs are vulnerabilities that arise when applications mishandle memory management. Memory corruption bugs are commonly used to attack and exploit browsers.
Another use-after-free bug was found in Ubuntu on day three of the competition alongside other Microsoft Windows 11 vulnerabilities.
On the first day of the event, 16 zero-day bugs were exploited in Ubuntu Desktop, Apple Safari, Oracle VirtualBox, Mozilla Firefox, as well as Windows 11 and Microsoft Teams.
More than $800,000 was awarded for the 16 zero-days exploited.
The competition, which celebrated its 15th anniversary this year, brought together 17 entrants from dozens of cybersecurity companies targeting 21 different products across multiple categories. STAR Labs led the way at the end of day two with total earnings of $270,000.
Vendors have 90 days to produce a patch for all vulnerabilities disclosed during the contest.