“Unleashing the Hackers: Windows 11, Tesla, macOS, & Ubuntu Desktops All Breached – Is Your Device Safe?”
Pwn2Own 2021 Kicks Off: The Highlights From Day One
The Pwn2Own 2021 event kicked off on April 6, 2021, and brought together some of the most skilled security researchers from around the world. Day One saw contestants targeting a range of software, including browsers and virtualization software. Here are some of the highlights from the first day of the event.
Safari on macOS was the first to fall, with the Qihoo360 team using a combination of code execution and escalation of privilege vulnerabilities to gain access to the system. Netgear NightHawk R7800 router was also compromised by the Qihoo360 team using a pre-authentication vulnerability that allowed them to execute code on the device.
Next up was the Fluoroacetate team, who successfully compromised Windows 10 Enterprise running in a virtual machine hosted by Oracle VirtualBox. The team used an integer overflow vulnerability in the Windows guest to escape the VM and execute code on the host operating system.
The Alpha Lab team found a bug in Microsoft Exchange Server and used it to gain remote code execution on the server, earning themselves a $200,000 prize. The Devcore team also demonstrated exploits targeting Adobe Reader and successfully gained code execution on a fully patched version of the software.
Another highlight came from the Dataflow Security team, who exploited a vulnerability in Zoom to gain access to the host system, allowing them to execute code with elevated privileges.
Overall, day one of Pwn2Own 2021 was a huge success, with contestants demonstrating their skills in discovering and exploiting vulnerabilities in various systems and software. The event serves as a reminder of the importance of keeping software and systems up-to-date, as well as the need to continually enhance cybersecurity measures to prevent attacks.
1. Cybersecurity researchers and hackers have come together at the Pwn2Own 2021 event.
2. The Qihoo 360 team successfully compromised Safari on macOS and Netgear NightHawk R7800 router by exploiting code execution and escalation of privilege vulnerabilities.
3. The Fluoroacetate team exploited an integer overflow vulnerability in the Windows guest to escape the VM and execute code on the host operating system.
4. The Alpha Lab team discovered a bug in Microsoft Exchange Server that allowed them to gain remote code execution on the server.
5. Emerging threats were also discovered as the Dataflow Security team exploited a vulnerability in Zoom to access the host system.
6. This event emphasizes the importance of keeping software and systems up-to-date and improving cybersecurity measures to avoid cyberattacks.