Saturday, November 2, 2024
HomeBug BountyTesla Model 3, Ubuntu Desktop & Windows 11 Hacked - Pwn2Own Day...

Tesla Model 3, Ubuntu Desktop & Windows 11 Hacked – Pwn2Own Day 2

Published on

Malware protection

Pwn2Own Vancouver 2022 contestants demonstrated three zero-day exploits on the second day of the competition: a hack of Windows 11,  a hack of the infotainment system of the Tesla Model 3, and exploits for two bugs in Ubuntu Desktop.

On the infotainment system of a Telsa Model 3 using collision on a known sandbox escape, David BERARD and Vincent DEHORS from @Synacktiv demonstrated two unique bugs (Double-Free & OOBW) on the first attempt of the day.

Although they did not win the car outright, they earned $75,000 and have 7.5 masters of pwn points, so they made enough to take the car home with them.

- Advertisement - SIEM as a Service

While namnp had another attempt at executing their exploit of Microsoft Windows 11 on day 2, however, they were unable to accomplish it within the allotted time frame.

It wasn’t hard for Bien Pham (@bienpnn) to lift privileges under Ubuntu Desktop via an exploit he obtained through a Use After Free bug, earning him $40,000 and 4 Master of Pwn points for his efforts.

In today’s second attempt, Jedar_LZ was unable to complete the task within the timeframe that he was allowed. The good news is that @thedzi acquired the information on the exploit from Tesla and is now sharing it with the company.

In his first demonstration on Microsoft Windows 11, T0 engineered an improper access control bug that enabled him to gain elevated privileges. By doing so, he earned $40,000.00 and 4 Master of Pwn points for his feat.

Team TUTELARY from Northwestern University has successfully exhibited a Use After Free bug leading to the elevation of privilege on Ubuntu Desktop at the end of Day 2. 

While the TUTELARY team included Zhenpeng Lin (@Markak_), Yueqi Chen (@Lewis_Chen_), and Xinyu Xing (@xingxinyu). Having done this, the team earned 4 Master of Pwn points and a total of $40,000.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...