May 14, 2024 at 10:48AM VMware addressed four security vulnerabilities, including three zero-days exploited in the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw, CVE-2024-22267, allows code execution as the virtual machine’s VMX process. Two other high-severity bugs (CVE-2024-22269 and CVE-2024-22270) enable information disclosure, and the fourth vulnerability (CVE-2024-22268) creates a denial of service … Read more
March 27, 2024 at 02:47PM Google fixed two zero-day security vulnerabilities in the Chrome web browser, including type confusion and use-after-free weaknesses exploited during the Pwn2Own Vancouver 2024 hacking competition. The vulnerabilities allowed for remote code execution via crafted HTML pages. The patches were released in Chrome version 123.0.6312.86/.87 for Windows and Mac and 123.0.6312.86 … Read more
March 25, 2024 at 06:18AM Mozilla has released updates for the Firefox browser to fix two zero-day vulnerabilities that were exploited at the Pwn2Own Vancouver 2024 hacking contest. The first vulnerability allows for bypass of range analysis, while the second issue leads to a sandbox escape. Both vulnerabilities are considered critical and were patched in … Read more
March 22, 2024 at 01:52PM Mozilla released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. Manfred Paul earned $100,000 and 10 Master of Pwn points after exploiting the flaws. Mozilla quickly patched the vulnerabilities in Firefox 124.0.1 and Firefox ESR 115.9.1 to prevent … Read more
March 22, 2024 at 01:13AM Pwn2Own Vancouver 2024 concluded with security researchers earning $1,132,500 by demonstrating 29 zero-day vulnerabilities across various categories, including web browsers, cloud-native/container, virtualization, enterprise applications, and automotive products. Notably, Manfred Paul and Team Synacktiv emerged as top performers by exploiting various software and winning cash prizes and a Tesla Model 3. … Read more
March 21, 2024 at 05:51AM At Pwn2Own Vancouver 2024, participants earned over $700,000 on the first day by successfully demonstrating exploits against Tesla, Linux, Windows, and software. The Synacktiv team secured $200,000 and a Tesla Model 3 for an exploit targeting a Tesla ECU. Other significant rewards were earned for exploits involving VMware Workstation, Oracle … Read more
March 21, 2024 at 03:14AM At Pwn2Own Vancouver 2024, contestants exploited zero-day vulnerabilities, earning over $1.3 million and a Tesla Model 3 car. The exploits targeted various platforms including Windows 11, Tesla, Ubuntu Linux, and web browsers. Vendors have 90 days to create security patches for reported flaws before public disclosure by Trend Micro’s Zero … Read more
January 26, 2024 at 03:51AM Cybersecurity researchers and bug bounty hunters earned over $1.3 million from hacking Teslas, EV chargers, and infotainment systems at the Pwn2Own Automotive competition. The Synacktiv team won, earning $450,000 by exploiting vulnerabilities. ZDI is preparing for Pwn2Own Vancouver 2024, with a prize pool exceeding $1 million. Last year’s competition in … Read more