Ubuntu Desktop Hacked Three Times at Pwn2own

On the third day of the Pwn2Own hacker contest, security researchers won a total of $185,000 for exploiting five zero-day vulnerabilities in Windows 11, Ubuntu Desktop, and VMware Workstation. The highlight of the day was the demonstration of three 0-day vulnerabilities in Ubuntu Desktop by three different teams.

Asu Sefcom’s Kyle Zeng won $30,000 for exploiting a double memory release vulnerability (Double-Free), while Mingi Cho from Theori received the same amount for exploiting a Use-After-Free vulnerability. A third team, Qrious Security’s A Bjen Fama, won $15,000 for demonstrating errors during hacking.

Thomas Imbert from Synacktiv also earned $30,000 for exploiting a USE-AFTER-FREE error in Windows 11. Additionally, the Star Labs team used inconsolable variables and an exploit-AFREE chain to exploit VMware Workstation, earning a reward of $80,000.

The first day of PWN2OWN saw security researchers successfully demonstrate zero-day exploits for Tesla Model 3, Windows 11, and MacOS in the struggle for the main prize of $375,000 and Tesla Model 3. On the second day, participants received a reward of $475,000 after using 10 zero-days in Windows 11, Tesla, Ubuntu, and MacOS.

In total, security researchers won $1,035,000 in prize money, and the Tesla car was awarded to Synacktiv specialists for 27 zero-day exploits. The Synacktiv team became the winner of the competition, taking home $530,000 and a Tesla Model 3 for their hacking prowess.

/Reports, release notes, official announcements.