• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
windows, macos, and tesla exploits debuted at pwn2own hacking contest

Windows, macOS, and Tesla exploits debuted at Pwn2Own hacking contest

You are here: Home / General Cyber Security News / Windows, macOS, and Tesla exploits debuted at Pwn2Own hacking contest
March 23, 2023

Bigstock

Security scientists have properly exploited zero-day vulnerabilities found in macOS, Windows, and Tesla application at the Zero Day Initiative’s Pwn2Own conference.  

Day just one of the 2023 competition, hosted in Vancouver, noticed 12 one of a kind zero-day vulnerabilities exploited in Microsoft SharePoint, Windows 11, Adobe Reader, Oracle VirtualBox, Tesla Gateway, and macOS.  

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Abdul Aziz Hariri of security business Haboob successfully exploited vulnerabilities in Adobe Reader. Hariri made use of a 6-bug chained exploit to escape the Adobe sandbox and circumvent APIs on macOS, earning a $50,000 prize in the approach.  

A important conversing stage on working day one of Pwn2Own came when STAR Labs successfully executed a chained exploit from Microsoft SharePoint. The workforce also hacked Ubuntu Desktop with a beforehand recognised vulnerability which noticed them scoop a blended prize of $115,000. 

Synacktiv secured a $140,000 prize haul – and a Tesla Model 3 – right after hacking Apple’s macOS kernel via an elevation of privilege attack as very well as a successful vulnerability exploit of Tesla Gateway. This attack noticed the workforce execute a time-of-check to time-of-use (TOCTOU) attack from the Gateway.

Tesla’s Gateway is a technique in its Powerwall product or service which controls a vehicle’s link to the grid. The Gateway instantly detects outages and offers a “seamless transition” to backup electricity in the party of an outage.  

This is not the 1st time Tesla Gateway has been exploited efficiently. In 2020, scientists at security business Swift7 highlighted security challenges due to the Gateway’s link to the internet.  

Meanwhile, security researcher Marcin Wiazowski used an poor input validation bug to elevate privileges on Windows 11 which noticed him safe a $30,000 prize. 

Bien Pham rounded off the initial day with a thriving exploit from Oracle VirtualBox, earning a prize of $40,000.  

Much more to occur at Pwn2Own 

The annual levels of competition observed $375,000 in prizes awarded around the program of working day one, with Justin Childs, head of threat recognition at the Zero Day Initiative, stating that the contest is “well on its way to a million dollars”.  

Very last year’s contest noticed scientists take property a lot more than $1.1 million in winnings immediately after hacking Windows 11 a overall of six situations and demonstrating three critical Microsoft Groups zero times. 

With two more times still to run at Pwn2Possess, Childs said there’s a lot additional to appear.  

This involves demos for zero-day exploits in Microsoft Groups and abide by-up attempts on Ubuntu Desktop and Oracle VirtualBox. 

Tesla’s Infotainment Unconfined Root will also be in the crosshairs while working day three will see extra attempts on Windows 11, Teams, and VMware Workstation.  


Some elements of this short article are sourced from:
www.itpro.co.uk

Previous Post: «Cyber Security News UK Government Sets Out Vision for NHS Cybersecurity
Next Post: Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps nexus: a new rising android banking trojan targeting 450 financial»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
  • Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
  • CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
  • Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk
  • ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Copyright © TheCyberSecurity.News, All Rights Reserved.