Pwn2Own 2021 began its three days run on Apr 6th 2021 at 1000 EST with the event being streamed on YouTube, Twitch, and its conference website. This year a total of 23 attempts are scheduled over 3 days and targeting 10 products. The first-day results ended with successful hacking attempts against Microsoft Exchange, Microsoft Teams, Windows 10, and Apple’s Safari Browser.
For those still wondering, here is a quick note on Pwn2Own which is an ethical computer hacking contest held annually at the CanSecWest security conference. The main goal of this challenge is to showcase the security vulnerabilities in the most commonly used software. The teams that successfully highlight these shortcomings are rewarded with cash prizes.
Pwn2Own 2021 Day 1 Results
This year the Pwn2Own has organized one of the largest contests as compared to its previous years. The first successful result was achieved by Jack Dates from RET2 Systems who won $100,000 in the Web Browser Category by using an integer overflow in Apple’s Safari. This was followed by the Devcore team which gained $200,000 for taking over the Microsoft Exchange Server.
Moving forward, Microsoft Teams was the next to be compromised by a researcher who combined a pair of bugs to demonstrate code execution. This effort was rewarded with $200,000 and the next event would surprise most of us. Team Viettel logged in to a Windows 10 PC as a regular user and achieved all the System Privileges using an integer overflow. This helped the team gain $40,000 on the first day while the team is preparing for its attack on Microsoft Exchange tomorrow.
With Windows 10 compromised, Ubuntu Desktop also could not find luck as Ryota Shiga of Flatt Security Inc went from a standard user to a root user. This feat was achieved by using an OOB access bug and earned $30,000 as a reward.
However, not all the teams were successful today like the Star Labs team who were targeting the Parallels Desktop and Oracle VirtualBox in two separate events could not achieve success in either of the attempts.