On the third day of the Pwn2Own hacking contest, safety researchers have been awarded $185,000 after demonstrating 5 zero-day exploits concentrating on Home windows 11, Ubuntu Desktop, and the VMware Workstation virtualization software program.

The spotlight of the day was the Ubuntu Desktop working system getting hacked thrice by three completely different groups, though one in all them was a collision with the exploit being beforehand recognized.

The three working Ubuntu zero-day have been demoed by Kyle Zeng of ASU SEFCOM (a double free bug), Mingi Cho of Theori (a Use-After-Free vulnerability), and Bien Pham (@bienpnn) of Qrious Safety.

Whereas the primary two have been every awarded $30,000 for his or her zero-day exploits, Pham solely earned $15,000 because of a bug collision.

A totally patched Home windows 11 system was hacked once more at Pwn2Own, with Thomas Imbert (@masthoon) from Synacktiv (@Synacktiv) incomes $30,000 for a Use-After-Free (UAF) bug.

Final however not least, the STAR Labs (@starlabs_sg) group used an uninitialized variable and UAF exploit chain in opposition to VMWare Workstation for an $80,000 award.

On the primary day, Pwn2Own Vancouver 2023 contestants earned $375,000 and a Tesla Mannequin 3 after demoing 12 zero-days within the Tesla Mannequin 3, Home windows 11, Microsoft SharePoint, Oracle VirtualBox, and macOS.

Throughout the second day, rivals have been awarded $475,000 after exploiting 10 zero-days in a number of merchandise, together with Home windows 11, Tesla, Ubuntu, and macOS.

This brings the full to $1,035,000 and a automobile awarded for 27 zero-day exploits demoed through the three days of this 12 months’s Pwn2Own Vancouver 2023 contest.

The winners of the competitors are Synacktiv, who earned $530,000 and a Tesla Mannequin 3 automobile for his or her exploits.

That’s a wrap for #P2OVancouver! Contestants disclosed 27 distinctive 0-days and received a mixed $1,035,000 (and a automobile)! Congratulations to the Masters of Pwn, @Synacktiv, for his or her large success and arduous work! They earned 53 factors, $530,000, and a Tesla Mannequin 3. #Pwn2Own pic.twitter.com/xtd0cdjGC3

— Zero Day Initiative (@thezdi) March 24, 2023

At Pwn2Own Vancouver 2023, safety researchers focused software program from a number of classes, together with automotive, enterprise functions and communications, servers, virtualization, and native escalation of privilege (EoP).

“For this 12 months’s occasion, each spherical can pay full worth, which suggests if all exploits succeed, we’ll award over $1,000,000 USD,” stated.

Distributors have 90 days to patch the zero-day bugs demoed and disclosed throughout Pwn2Own earlier than Development Micro’s Zero Day Initiative will publicly launch technical particulars.

Finally 12 months’s Pwn2Own Vancouver hacking competitors, researchers have been awarded $1,155,000 after hacking the Tesla Mannequin 3 Infotainment System and taking down Home windows 11, Microsoft Groups, and Ubuntu Desktop utilizing a number of zero-day bugs and exploit chains.