• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
windows, macos, and tesla exploits debuted at pwn2own hacking contest

Windows, macOS, and Tesla exploits debuted at Pwn2Own hacking contest

You are here: Home / General Cyber Security News / Windows, macOS, and Tesla exploits debuted at Pwn2Own hacking contest
March 23, 2023

Bigstock

Security scientists have properly exploited zero-day vulnerabilities found in macOS, Windows, and Tesla application at the Zero Day Initiative’s Pwn2Own conference.  

Day just one of the 2023 competition, hosted in Vancouver, noticed 12 one of a kind zero-day vulnerabilities exploited in Microsoft SharePoint, Windows 11, Adobe Reader, Oracle VirtualBox, Tesla Gateway, and macOS.  

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Abdul Aziz Hariri of security business Haboob successfully exploited vulnerabilities in Adobe Reader. Hariri made use of a 6-bug chained exploit to escape the Adobe sandbox and circumvent APIs on macOS, earning a $50,000 prize in the approach.  

A important conversing stage on working day one of Pwn2Own came when STAR Labs successfully executed a chained exploit from Microsoft SharePoint. The workforce also hacked Ubuntu Desktop with a beforehand recognised vulnerability which noticed them scoop a blended prize of $115,000. 

Synacktiv secured a $140,000 prize haul – and a Tesla Model 3 – right after hacking Apple’s macOS kernel via an elevation of privilege attack as very well as a successful vulnerability exploit of Tesla Gateway. This attack noticed the workforce execute a time-of-check to time-of-use (TOCTOU) attack from the Gateway.

Tesla’s Gateway is a technique in its Powerwall product or service which controls a vehicle’s link to the grid. The Gateway instantly detects outages and offers a “seamless transition” to backup electricity in the party of an outage.  

This is not the 1st time Tesla Gateway has been exploited efficiently. In 2020, scientists at security business Swift7 highlighted security challenges due to the Gateway’s link to the internet.  

Meanwhile, security researcher Marcin Wiazowski used an poor input validation bug to elevate privileges on Windows 11 which noticed him safe a $30,000 prize. 

Bien Pham rounded off the initial day with a thriving exploit from Oracle VirtualBox, earning a prize of $40,000.  

Much more to occur at Pwn2Own 

The annual levels of competition observed $375,000 in prizes awarded around the program of working day one, with Justin Childs, head of threat recognition at the Zero Day Initiative, stating that the contest is “well on its way to a million dollars”.  

Very last year’s contest noticed scientists take property a lot more than $1.1 million in winnings immediately after hacking Windows 11 a overall of six situations and demonstrating three critical Microsoft Groups zero times. 

With two more times still to run at Pwn2Possess, Childs said there’s a lot additional to appear.  

This involves demos for zero-day exploits in Microsoft Groups and abide by-up attempts on Ubuntu Desktop and Oracle VirtualBox. 

Tesla’s Infotainment Unconfined Root will also be in the crosshairs while working day three will see extra attempts on Windows 11, Teams, and VMware Workstation.  


Some elements of this short article are sourced from:
www.itpro.co.uk

Previous Post: «Cyber Security News UK Government Sets Out Vision for NHS Cybersecurity
Next Post: Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps nexus: a new rising android banking trojan targeting 450 financial»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Severe Flaw in Google Cloud’s Cloud SQL Service Exposed Confidential Data
  • New Russian-Linked Malware Poses “Immediate Threat” to Energy Grids
  • Predator Android Spyware: Researchers Sound the Alarm on Alarming Capabilities
  • 5 Must-Know Facts about 5G Network Security and Its Cloud Benefits
  • Romania’s Safetech Leans into UK Cybersecurity Market
  • New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids
  • Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
  • Advanced Phishing Attacks Surge 356% in 2022
  • Expo Framework API Flaw Reveals User Data in Online Services
  • NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure

Copyright © TheCyberSecurity.News, All Rights Reserved.