Ubuntu & Tesla hacked in Pwn2Own Vancouver 2022
The three-day Pwn2Own 2022 hackathon in Vancouver has come to an end this week. Pwn2Own is the world’s most famous hacker competition with the most lucrative prize money. It is hosted by the ZDI (Zero Day Initiative), a project team of TippingPoint, a US Pentagon network security service provider. The challenge for contestants is to identify undiscovered vulnerabilities in widely used software and mobile devices. Tech companies will support the competition and improve their products with hacking challenges.
Ubuntu was taken down three times:
The Orca team at Sea Security (security.sea.com) discovered two vulnerabilities in the Ubuntu desktop: Out-of-Bounds Write (OOBW) and Use-After-Free (UAF), resulting in privilege escalation and a $40,000 bounty. This type of vulnerability is usually caused by poor application management of memory and is often used to attack and exploit browsers.
- The TUTELARY team at Northwestern University also successfully demonstrated a Use After Free vulnerability for privilege escalation on the Ubuntu desktop and won a $40,000 bounty.
STAR Labs security researcher Billy Jheng Bing-Jhong also successfully demonstrated a Use-After-Free-based exploit on the Ubuntu desktop on the third day of the competition and won a $40,000 prize.
The organizers say they awarded a total of $1,155,000 for 25 unique zero-day exploits in this contest.