Tag

Pwn2own

All articles tagged with #pwn2own

technology1 year ago•1 min saved

"Google Rushes Emergency Update to Fix Critical Chrome Flaw Exploited at Pwn2Own"

Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited at the Pwn2Own hacking contest. This high-severity security flaw, tracked as CVE-2024-3159, allowed remote attackers to gain access to sensitive information or trigger a crash. Google has also recently fixed two other zero-day vulnerabilities targeted at Pwn2Own Vancouver 2024, and in total, has patched four Chrome zero-days this year.

via BleepingComputer|

#chrome #google #pwn2own

technology1 year ago•1 min saved

"Major Tech Companies Patch Zero-Day Exploits in Chrome and Firefox"

Google fixed two zero-day vulnerabilities in the Chrome web browser that were exploited during the Pwn2Own Vancouver 2024 hacking competition, addressing high-severity weaknesses in the WebAssembly and WebCodecs API. Mozilla also patched two Firefox zero-days exploited at the same event. The competition concluded with security researchers earning $1,132,500 for demonstrating 29 zero-day exploits and exploit chains over two days, with Manfred Paul emerging as the winner after taking down Apple Safari, Google Chrome, and Microsoft Edge web browsers.

via BleepingComputer|

#chrome #google #pwn2own

technology1 year ago•1 min saved

"Pwn2Own 2024: Tesla, Firefox, and More - Hackers Earn Big Rewards for Uncovering Software Vulnerabilities"

Mozilla has swiftly patched two zero-day vulnerabilities in Firefox that were exploited during the Pwn2Own Vancouver 2024 hacking competition, preventing potential remote code execution attacks. The vulnerabilities allowed for out-of-bounds write and privileged JavaScript execution, and were fixed in Firefox 124.0.1 and Firefox ESR 115.9.1. Manfred Paul earned $100,000 and 10 Master of Pwn points for exploiting the flaws, and also successfully hacked Apple Safari, Google Chrome, and Microsoft Edge during the competition.

via BleepingComputer|

#firefox #hacking-contest #mozilla

cybersecurity2 years ago•2 min saved

"VMware Addresses Critical Zero-Day Exploit in Workstation and Fusion Software"

VMware has released security updates to fix two zero-day vulnerabilities that were part of an exploit chain demonstrated by security researchers at the Pwn2Own Vancouver 2023 hacking contest. The vulnerabilities could be chained to gain code execution on systems running unpatched versions of VMware's Workstation and Fusion software hypervisors. VMware has also addressed two more security flaws affecting its hosted hypervisors and shared temporary workarounds for admins who cannot immediately deploy patches.

via BleepingComputer|

#cybersecurity #hypervisors #pwn2own

cybersecurity2 years ago•3 min saved

Tesla Model 3 Hacked at Pwn2Own, Hackers Win $100,000 and Car

A team of hackers from French security shop Synacktiv won $100,000 and a Tesla Model 3 after subverting the car's entertainment system and opening up its core management systems at the annual Pwn2Own competition. Twitter's source code was leaked online, and the company is asking GitHub to identify who posted the code and anyone who downloaded it. The Office of Inspector General found that Login.gov misled its customers and other government agencies by telling them that it complied with NIST standards.

via The Register|

#cybersecurity #logingov #nist

cybersecurity2 years ago•2 min saved

Pwn2Own Hackers Target Windows, Ubuntu, VMWare, and Tesla Model 3

On the final day of the Pwn2Own hacking contest, security researchers earned $185,000 by demonstrating five zero-day exploits targeting Windows 11, Ubuntu Desktop, and VMware Workstation. Ubuntu Desktop was hacked three times by three different teams, with three working zero-day exploits. A fully patched Windows 11 system was also hacked, and the STAR Labs team used an exploit chain against VMware Workstation. In total, 27 zero-day exploits were demoed during the three-day event, with Synacktiv earning $530,000 and a Tesla Model 3 car for their exploits. Vendors have 90 days to patch the bugs before technical details are publicly released.

via BleepingComputer|

#cybersecurity #pwn2own #ubuntu-desktop

technology2 years ago•1 min saved

Pwn2Own 2023: Hackers Take Down Tesla Model 3 and Major Operating Systems.

Tesla's Model 3 was successfully hacked at the Pwn2Own conference, with the hackers winning $100,000 and the car they compromised. The hackers gained root access to Tesla's system and claimed to have taken over the whole car through a TOCTTOU exploit. Tesla has been investing heavily in cybersecurity and working with whitehat hackers to make their products more secure. The findings of these hacks are shared with the companies to help improve their security.

via Electrek|

#cybersecurity #hacking #model-3

cybersecurity2 years ago•2 min saved

Pwn2Own 2023: Hackers Win Tesla Model 3 and Compromise Major Operating Systems.

The first day of the Pwn2Own 2023 hacking contest saw five participants win a total of $375,000 by finding 12 zero-day vulnerabilities in popular software platforms and a Tesla Model 3 car. Offensive security firm Synacktiv won the most money and a Tesla Model 3 by compromising the car with a TOCTOU attack and escaping access privileges on macOS. The STAR Labs team won second place by targeting Microsoft SharePoint and successfully hacking the Ubuntu Desktop operating system. The Zero Day Initiative will disclose the details of the zero-day vulnerabilities to their respective software vendors, who will have 90 days to release security patches.

via TechSpot|

#cybersecurity #hacking #operating-systems

cybersecurity2 years ago•2 min saved

Pwn2Own 2023: Hackers Dominate Major Operating Systems and Tesla Model 3.

Competitors at Pwn2Own Vancouver 2023 successfully exploited 10 zero-day vulnerabilities in products such as Tesla Model 3, Microsoft Teams, Oracle VirtualBox, and Ubuntu Desktop, earning a total of $475,000. Synacktiv's David Berard and Vincent Dehors won $250,000 and a Tesla Model 3 after hacking the Tesla Infotainment Unconfined Root. The vendors have 90 days to patch the vulnerabilities before they are publicly disclosed. The contest offers a total prize of $1,080,000 and two Tesla Model 3 cars.

via BleepingComputer|

#cybersecurity #microsoft-teams #oracle-virtualbox

cybersecurity2 years ago•2 min saved

Pwn2Own 2023: Hackers Dominate Tesla, Windows, Ubuntu, and macOS

A group of hackers successfully hacked a Tesla Model 3 and won the vehicle along with a $100,000 prize at the Pwn2Own hacking competition. The hackers used a TOCTOU exploit to gain access to the vehicle, which involves altering internal files to gain system access. The details of how the hack was performed have not been made entirely public to avoid a security risk for Tesla owners. As electric vehicles and their significant amount of integrated software have become more common in everyday life, the security around them has become significantly more critical.

via TESLARATI|

#cybersecurity #electric-vehicles #hacking

cybersecurity2 years ago•2 min saved

Major Tech Companies Fall Victim to Hacking at Pwn2Own 2023

On the first day of Pwn2Own Vancouver 2023, security researchers successfully hacked Tesla Model 3, Windows 11, and macOS using zero-day exploits and exploit chains, earning $375,000 and a Tesla Model 3. Other products hacked include Adobe Reader, Microsoft SharePoint, Ubuntu Desktop, and Oracle VirtualBox. The contest will continue for three days, with contestants targeting products in various categories. After the vulnerabilities are disclosed, vendors have 90 days to release security fixes before they are publicly disclosed.

via BleepingComputer|

#cybersecurity #macos #pwn2own