Day Two of Pwn2Own Vancouver 2023 Brings Million-Dollar Exploit Victories for Hackers
On the second day of the Pwn2Own Vancouver 2023 hacking contest, a total of 10 unique zero-day vulnerabilities were successfully exploited, earning a collective prize payout of $475,000.
The event, organised by Zero Day Initiative (ZDI), saw a team from the Georgia Tech Systems Software and Security Lab make a significant impact. They successfully exploited a Safari browser vulnerability, earning themselves $40,000, and another macOS kernel vulnerability, which netted them an additional $20,000.
In the realm of Windows, Team Fluoroacetate, composed of hackers Amat Cama and Richard Zhu, demonstrated their skills by exploiting a Windows 10 virtual machine, earning $80,000, and an additional $20,000 for exploiting Microsoft Edge.
Notably, no vulnerabilities were found in the Apple Safari browser, apart from the one exploited by the Georgia Tech team, during the second day of the competition. Similarly, no vulnerabilities were discovered in the Google Chrome browser, the Windows 10 virtual machine, or the Ubuntu operating system during the same day.
The second day of Pwn2Own Vancouver 2023 awarded a total of $200,000 in prize money to the participating teams. The competition will continue on the final day, March 24, with attempts to exploit various software and operating systems beyond those already tested.
Pwn2Own competitions typically reward hackers for demonstrating zero-day exploits in popular software and operating systems. Prize amounts vary based on the target difficulty and exploit significance, often ranging from tens of thousands to over $100,000. The successes reported on the second day involved high-value critical exploits, contributing to the sizable total bounty awarded.
For detailed information about the exact list of exploited vulnerabilities and their individual prize awards, further specialized sources such as official Pwn2Own 2023 press releases or detailed vulnerability disclosure reports would be necessary.
The competition started on March 23 and will conclude on March 24, with hackers testing the security of various software and operating systems such as Microsoft Edge, Google Chrome, Apple Safari, and Ubuntu. The event provides a platform for researchers to showcase their skills, while also highlighting areas for improvement in the security of popular software and operating systems.
In the event's second day, no cybersecurity vulnerabilities were discovered in the Apple Safari browser beyond the one exploited by the Georgia Tech team, indicating a strong defense mechanisms in place. On another note, an encyclopedia detailing the exploited vulnerabilities and their corresponding prize awards for the day might be helpful for those interested in sports-betting on the future outcomes of the Pwn2Own competitions, as prize amounts often reflect the difficulty and significance of the exploits.
