Tuesday, January 14, 2025

Tesla Model 3, Ubuntu Desktop & Windows 11 Hacked – Pwn2Own Day 2

Pwn2Own Vancouver 2022 contestants demonstrated three zero-day exploits on the second day of the competition: a hack of Windows 11, a hack of the infotainment system of the Tesla Model 3, and exploits for two bugs in Ubuntu Desktop.

On the first attempt of the day, David BERARD and Vincent DEHORS from @Synacktiv demonstrated two unique bugs (Double-Free & OOBW) on the infotainment system of a Tesla Model 3, with a collision on a known sandbox escape.

Although they did not win the car outright, they earned $75,000 and 7.5 Master of Pwn points, so they made enough to take the car home with them.

namnp had another attempt at executing their exploit of Microsoft Windows 11 on Day 2, but they were unable to accomplish it within the allotted time frame.

Bien Pham (@bienpnn) had no trouble elevating privileges on Ubuntu Desktop by exploiting a Use After Free bug, earning him $40,000 and 4 Master of Pwn points for his efforts.

In the day's second attempt, Jedar_LZ was unable to complete the task within the time he was allowed. The good news is that @thedzi acquired the information on the exploit from Tesla and is now sharing it with the company.

In his first demonstration on Microsoft Windows 11, T0 used an improper access control bug to gain elevated privileges. By doing so, he earned $40,000 and 4 Master of Pwn points.

At the end of Day 2, Team TUTELARY from Northwestern University successfully demonstrated a Use After Free bug leading to elevation of privilege on Ubuntu Desktop.

The TUTELARY team included Zhenpeng Lin (@Markak_), Yueqi Chen (@Lewis_Chen_), and Xinyu Xing (@xingxinyu). The team earned $40,000 and 4 Master of Pwn points.

Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
