Saturday, April 19, 2025
HomeBug BountyTesla Model 3, Ubuntu Desktop & Windows 11 Hacked - Pwn2Own Day...

Tesla Model 3, Ubuntu Desktop & Windows 11 Hacked – Pwn2Own Day 2

Published on

SIEM as a Service

Follow Us on Google News

Pwn2Own Vancouver 2022 contestants demonstrated three zero-day exploits on the second day of the competition: a hack of Windows 11,  a hack of the infotainment system of the Tesla Model 3, and exploits for two bugs in Ubuntu Desktop.

On the infotainment system of a Telsa Model 3 using collision on a known sandbox escape, David BERARD and Vincent DEHORS from @Synacktiv demonstrated two unique bugs (Double-Free & OOBW) on the first attempt of the day.

Although they did not win the car outright, they earned $75,000 and have 7.5 masters of pwn points, so they made enough to take the car home with them.

- Advertisement - Google News

While namnp had another attempt at executing their exploit of Microsoft Windows 11 on day 2, however, they were unable to accomplish it within the allotted time frame.

It wasn’t hard for Bien Pham (@bienpnn) to lift privileges under Ubuntu Desktop via an exploit he obtained through a Use After Free bug, earning him $40,000 and 4 Master of Pwn points for his efforts.

In today’s second attempt, Jedar_LZ was unable to complete the task within the timeframe that he was allowed. The good news is that @thedzi acquired the information on the exploit from Tesla and is now sharing it with the company.

In his first demonstration on Microsoft Windows 11, T0 engineered an improper access control bug that enabled him to gain elevated privileges. By doing so, he earned $40,000.00 and 4 Master of Pwn points for his feat.

Team TUTELARY from Northwestern University has successfully exhibited a Use After Free bug leading to the elevation of privilege on Ubuntu Desktop at the end of Day 2. 

While the TUTELARY team included Zhenpeng Lin (@Markak_), Yueqi Chen (@Lewis_Chen_), and Xinyu Xing (@xingxinyu). Having done this, the team earned 4 Master of Pwn points and a total of $40,000.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

How To Detect Obfuscated Malware That Evades Static Analysis Tools

Obfuscated malware presents one of the most challenging threats in cybersecurity today. As static...

How Security Analysts Detect and Prevent DNS Tunneling Attack In Enterprise Networks

DNS tunneling represents one of the most sophisticated attack vectors targeting enterprise networks today,...

How to Conduct a Cloud Security Assessment

Cloud adoption has transformed organizations' operations but introduces complex security challenges that demand proactive...

U.S DOGE Allegedly Breached – Whistleblower Leaked Most Sensitive Documents

A federal whistleblower has accused the Department of Government Efficiency (DOGE) of orchestrating a...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

How To Detect Obfuscated Malware That Evades Static Analysis Tools

Obfuscated malware presents one of the most challenging threats in cybersecurity today. As static...

How Security Analysts Detect and Prevent DNS Tunneling Attack In Enterprise Networks

DNS tunneling represents one of the most sophisticated attack vectors targeting enterprise networks today,...

U.S DOGE Allegedly Breached – Whistleblower Leaked Most Sensitive Documents

A federal whistleblower has accused the Department of Government Efficiency (DOGE) of orchestrating a...