HomeTech NewsCommunicationPwn2Own 2022 confirms that there is no such thing as invulnerable software

Pwn2Own 2022 confirms that there is no such thing as invulnerable software

Published on

- Advertisement -

pwn2own 2022 has been the new edition of the most important hacking contest on the planet. The event is held annually and its objective is find critical vulnerabilities in a controlled environment for vendors to improve the security of their developments before flaws can be exploited.

And it is that the participants, the best hackers of White hat of the planet and researchers from the big security firms, commit to deliver all the research privately and not make it public for a minimum period of 90 days. In exchange, the contest, organized by the Zero Day Initiative of Trend Micro, delivers succulent prizes in what is considered a great investment for what it means to anticipate what may come from cybercrime, thereby reinforcing the security of software and devices.

[mb_related_posts1]

Pwn2Own 2022: nobody resists

As in previous years, the list of hacked software is as broad as the targets attacked (21 products in various categories) and neither open source nor proprietary software is spared. Windows 11, Microsoft Teams, Oracle VirtualBox, Mozilla Firefox, Apple Safari, Ubuntu Desktop or Tesla cars, were successfully hacked by various teams during the three days of the event.

Windows 11, the latest Microsoft system, has been one of the preferred targets by researchers and they showed six successful exploits, three of them Zero-Day vulnerabilities. Among the most interesting, they highlighted an escalation of privileges using Integer Overflow techniques (buffer overflow) and another using the Use-After-Free attack that takes advantage of errors in the memory address to cause denial of service and code execution, achieving total control. of the team.

This same exploit was used by two groups to hack into a system running Ubuntu Desktop. It is a well-documented attack that exploits vulnerabilities in the way applications manage memory. Three zero-days were also revealed in the Microsoft Teams communication platform and various vulnerabilities in the Apple Safari and Mozilla Firefox browsers or the Oracle Virtualbox virtualization software.

Pwn2Own 2022confirms that there is no such thing as invulnerable software 29">

The infotainment system of Tesla 3 cars was also hacked. The automotive category was premiered at Pwn2Own 2019, as it was considered an important segment in the face of the rise of smart/autonomous cars. Back then, a researcher used a JIT bug in the web browser’s rendering process to execute code in the car’s firmware and display a message on the car’s infotainment system. He took the car that Tesla gave away as a prize.

[mb_related_posts2]

In total, the Pwn2Own 2022 has awarded 1.2 million dollars in prizes. After the vulnerabilities are exploited and disclosed in a controlled manner in the event software and hardware vendors have 90 days to release security fixes of all reported vulnerabilities.

More information on Pwn2Own 2022 | Zero Day Initiative

- Advertisement -

Latest articles

This is the new Xiaomi home router, discreet but complete

Xiaomi has opted this time for a fairly discreet design, which looks mostly like...

Twitter will let you follow service feeds

Twitter continues with the rhythm that it already showed during the whole of last...

Isolation mode, Apple’s answer to Pegasus

The revelations about Pegasus, the espionage system developed by NSO Group, have marked a...

How to pixelate parts of an image to share with WhatsApp for Android

WhatsApp has finally finished make the image pixelation tool available to Android device userswhich...

More like this

So you can connect your AirPods to your Mac and use Handoff

All Apple users know that the company likes to have all its devices connected...

Compilation of the best 4K and QHD wallpaper apps of 2022

We have already talked before about various mobile applications that serve to provide varied...

Android Auto 7.9 is now official: the new beta version could increase the quality of the audio and can now be downloaded

A week after Android Auto hit 7.8 stable, the beta progresses to receive Android...