Tesla, Microsoft and Ubuntu bugs discovered throughout Pwn2Own hacking competitors

A number of bugs in Microsoft, Ubuntu and Tesla merchandise had been discovered and exploited through the three-day Pwn2Own hacking convention in Vancouver this week.

The convention – organized by Development Micro’s Zero Day Initiative – provides hackers an opportunity to earn cash in alternate for locating and exploiting vulnerabilities in fashionable merchandise. 

By the top of day two on Thursday, the convention had paid out $945,000 in rewards, together with $75,000 to hackers with offensive safety firm Synacktiv for 2 distinctive bugs discovered within the Tesla Mannequin 3 Infotainment System.

The bugs allowed hackers to take over a number of the automobile’s techniques.

The Zero Day Initiative additionally ended up buying a vulnerability within the Tesla Mannequin 3 Diagnostic Ethernet and disclosing it to the automobile producer. 

A safety engineer at Sea Safety Response, Bien Pham, and a crew from Northwestern College demonstrated two ‘Use After Free’ elevation of privilege vulnerabilities on Ubuntu Desktops. Use After Free bugs are vulnerabilities that happen due to points with how functions handle their reminiscence. The reminiscence corruption bugs are usually used to assault and exploit browsers. 

The Northwestern College crew. Picture: The Zero Day Initiative

One other Use After Free bug was present in Ubuntu on day three of the competitors alongside different Microsoft Home windows 11 vulnerabilities. 

The primary day of the occasion noticed 16 zero-day bugs exploited in Ubuntu Desktop, Apple Safari, Oracle Virtualbox, Mozilla Firefox, in addition to Microsoft’s Home windows 11 and Groups. 

Greater than $800,000 was awarded for the 16 zero-days exploited. 

The competitors, which marked its fifteenth anniversary this 12 months, featured 17 contestants from dozens of cybersecurity corporations focusing on 21 totally different merchandise throughout a number of classes. STAR Labs led the best way on the finish of the second day with whole earnings of $270,000. 

Distributors have 90 days to provide a repair for all vulnerabilities disclosed through the competitors. 

Jonathan has labored throughout the globe as a journalist since 2014. Earlier than transferring again to New York Metropolis, he labored for information retailers in South Africa, Jordan and Cambodia. He beforehand lined cybersecurity at ZDNet and TechRepublic.

Supply hyperlink

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button