Pwn2Own Vancouver 2022 contestants demonstrated three zero-day exploits on the second day of the competition: a hack of Windows 11, a hack of the infotainment system of the Tesla Model 3, and exploits for two bugs in Ubuntu Desktop.
On the infotainment system of a Telsa Model 3 using collision on a known sandbox escape, David BERARD and Vincent DEHORS from @Synacktiv demonstrated two unique bugs (Double-Free & OOBW) on the first attempt of the day.
Although they did not win the car outright, they earned $75,000 and have 7.5 masters of pwn points, so they made enough to take the car home with them.
While namnp had another attempt at executing their exploit of Microsoft Windows 11 on day 2, however, they were unable to accomplish it within the allotted time frame.
It wasn’t hard for Bien Pham (@bienpnn) to lift privileges under Ubuntu Desktop via an exploit he obtained through a Use After Free bug, earning him $40,000 and 4 Master of Pwn points for his efforts.
In today’s second attempt, Jedar_LZ was unable to complete the task within the timeframe that he was allowed. The good news is that @thedzi acquired the information on the exploit from Tesla and is now sharing it with the company.
In his first demonstration on Microsoft Windows 11, T0 engineered an improper access control bug that enabled him to gain elevated privileges. By doing so, he earned $40,000.00 and 4 Master of Pwn points for his feat.
Team TUTELARY from Northwestern University has successfully exhibited a Use After Free bug leading to the elevation of privilege on Ubuntu Desktop at the end of Day 2.
While the TUTELARY team included Zhenpeng Lin (@Markak_), Yueqi Chen (@Lewis_Chen_), and Xinyu Xing (@xingxinyu). Having done this, the team earned 4 Master of Pwn points and a total of $40,000.