Security researchers managed to discover as many as 27 zero-days in major enterprise software during the three days of the Pwn2Own Vancouver 2023 event. Zero-days were found in Windows 11, Ubuntu and macOS, among others, as well as in Oracle and VMware products and Tesla’s firmware.
The participating teams discovered vulnerabilities in important software on different days during the event. Operating systems in particular were subjected to attacks that produced a number of zero-day exploits.
Other attacks targeted automotive software, business applications, communication systems and virtualization solutions, and included local escalation of privileges, among others.
Operating systems and business software
More specifically, the operating systems involved were Windows 11, macOS and Ubuntu Desktop. Ubuntu Desktop in particular was hacked three times by three different teams.
In addition, event participants managed to exploit zero-days in the VMware Workstation virtualization software and in the Oracle VirtualBox solution. A zero-day was also found in Microsoft SharePoint, and a vulnerability was found in a Tesla Model 3.
The various researchers who succeeded in performing hacks were awarded cash prizes for doing so. The vendors of the software in which the zero-days were found will be given 90 days to implement patches. After that, the technical details of the vulnerabilities found will be published.