Exploit zero-day security vulnerabilities on Windows 11, Microsoft Teams and others for money and for glory, such is the challenge that cybersecurity experts set themselves in a hacking contest.
From May 18 to 20, 2022, Pwn2Own Vancouver 2022 is held, a hacking competition organized by the organization Zero Day Initiative. And big names have fallen under the hack attempts of experts.
Microsoft Teams and Windows 11 repeatedly crash
In the category of communication software for professionals, Microsoft Teams fell first. Hector “p3rr0” Peralta managed to exploit a security flaw in the form of a configuration flaw, which requires running the Windows calculator to be able to take advantage of it.
But Microsoft Teams was not at the end of its troubles since two other vulnerabilities could also be exploited during the first day of the event. Masato Kinugawa resorted to a chain of three sandbox, code injection, and misconfiguration flaws to achieve his ends.
The STAR Labs team, made up of Billy Jheng Bing-Jhong, Muhammad Alifa Ramdhan and Nguyễn Hoàng Thạch, was able to demonstrate two vulnerabilities related to the injection and writing of arbitrary files.
The Tesla Model 3 soon to be hacked?
These three players won $150,000 in rewards for successfully attesting to the presence of these security flaws in Microsoft Teams.
Windows 11 is also entitled to its share of zero-day vulnerabilities. Several teams have managed to point out flaws in the operating system. STAR Labs notably got its hands on an additional $40,000 for revealing a Use-After-Free (UAF) vulnerability allowing elevation of privileges on the system.
Ubuntu Desktop, Mozilla Firefox and Oracle Virtualbox have also been successfully hacked. On day two of Pwn2Own Vancouver 2022, competitors will try to exploit new zero-day flaws in Windows 11 and Ubuntu Desktop, as well as the Tesla Model 3 infotainment system.
Source : Bleeping Computer
4