Synacktiv, a cybersecurity firm, won $360,000 (R6.5 million) and a second Tesla Model 3 on day two of the 2023 Pwn2Own competition in Vancouver, according to Bleeping Computer.
David Berard and Vincent Dehors earned $250,000 (R4.5 million) for the company by hacking the Tesla Model 3 using a heap overflow and an out-of-bounds write exploit chain.
As a reward, they received the automobile itself, and the firm earned an additional $110,000 (R2 million) for successful Oracle VirtualBox and Ubuntu Desktop Exploits.
Thomas Imbert and Thomas Bouzerar of the team used a three-bug chain to elevate access on a VirtualBox host.
Tanguy Dubroca, another team member, demonstrated a zero-day exploit to elevate privileges on Ubuntu Desktop.
During the second day of the challenge, ten zero days were effectively exploited.
Team Viettel’s 2-bug chain exploit for Microsoft Teams, as well as its successful exploitation of a use-after-free flaw and an uninitialized variable on Oracle’s VirtualBox, were other significant hacks.
On the day, the team earned $118,000 (R2.1 million).
Synacktiv’s accomplishment on day two builds on the company’s strong victory on the first day of the 2023 Pwn2Own tournament.
On day one, the business won $140,000 (R2.5 million) for successfully hacking a Tesla Model 3 and elevating privileges on macOS using a time-of-check-to-time-of-use (TOCTOU) zero-day vulnerability.
Synacktiv’s team also used a TOCTOU attack against the Tesla and won the vehicle in addition to the prize money.
