Sunday, February 9, 2025
HomeHacksUbuntu Desktop & Windows 11 Hacked - Pwn2Own Day 3

Ubuntu Desktop & Windows 11 Hacked – Pwn2Own Day 3

Published on

SIEM as a Service

Follow Us on Google News

After the first and second day, on day 3 , Three more zero-day exploits were successfully used by security researchers to hack the Windows 11 OS of Microsoft on the third and last day of the 2022 Pwn2Own Vancouver hacking contest.

Team DoubleDragon’s first attempt of the day to exploit Microsoft Teams failed because they were unable to demonstrate their exploit within the time allowed by Microsoft.

Although all is not lost, because ZDI was able to incorporate Team Double Dragon’s research into standard procedures.

The other contestants had successfully taken down Windows 11 for three times and Ubuntu Desktop for one time as well, earning them $160,000.

It was shown successfully that nghiadt12 from Viettel Cyber Security was able to exploit an integer overflow vulnerability in Windows 11 in order to gain elevated privileges.

In turn, they received a reward of $40,000 along with 4 Master of Pwn points as a reward for their execution.

On Ubuntu Desktop, a Use-After-Free exploit was successfully demonstrated by the STAR Labs’ Billy Jheng Bing-Jhong (@st424204). His mastery of Pwn capabilities earned him another $40,000 along with four more Master points.

Through an improperly implemented access control mechanism on Microsoft Windows 11, vinhthp1712 has achieved Elevation of Privilege. It has been confirmed that vinhthp1712 has been awarded $40,000 and 4 Master of Pwn points.

Bruno PUJOS from REverse Tactics has achieved Elevation of Privilege by utilizing the Use-After-Free exploit on Microsoft Windows 11 during the final attempt of the competition.

While it is also worth mentioning that this earned him $40,000 in addition to 4 Master of Pwn points.

In conclusion, the regularly scheduled programming event, Pwn2Own has concluded with this final session.

The total number of attempts this year was 21 from 17 different contestants with Trend Micro and ZDI awarding $1,155,000 to the winner.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Salt Typhoon Hacked Nine U.S. Telecoms, Tactics and Techniques Revealed

Salt Typhoon, a state-sponsored Advanced Persistent Threat (APT) group linked to the People's Republic...

APT32 Hacker Group Attacking Cybersecurity Professionals Poisoning GitHub

The malicious Southeast Asian APT group known as OceanLotus (APT32) has been implicated in...

Casio Hacked – Servers Compromised by a Ransomware Attack

Casio Computer Co., Ltd. has confirmed a significant cybersecurity breach after its servers were...