The finals of the Pwn2Own ethical hacking battle are finally over with the last events conducted on 08th April. The results were divided among 50% complete success and the remaining 50% were partial wins. The event started in a great manner at 0900 in the morning when Benjamin McBride won $40000 for executing code on host OS from within Parallels desktop.
The next set of four events towards Microsoft Exchange, Ubuntu desktop, Windows 10, and Parallels Desktop were termed as a partial success because of all the methods used in these four events and the bug reported was already known by the respective organizations. There were no cash prizes awarded here but the winners were given points towards Master of PWN. The main highlight of these events was Alisa Esage, the first woman to participate as an independent researcher, and targeted Parallels Desktop in the Virtualization category.
The final three events towards Ubuntu Desktop, Parallels Desktop and Windows 10 desktop all resulted in success and were awarded cash prizes. Vincent Dehors claimed $30,000 to escalate to the root of the Ubuntu desktop through a double-free bug. The next prize of $40,000 was claimed by Da Lao who completed guest to host via OOB Write in Parallels Desktop. The final win of the day and the tournament was achieved by Marcin Wiazowski who won a whopping amount of $40,000 after using a UAF bug to gain System Access on a Windows 10 PC.
The entire event was sponsored by VMware and other partners included Adobe, Zoom, and Tesla. The vendors of the event have 90 days to produce a fix for the vulnerabilities reported. Here is a summary report of all three days in case you missed it.
|
Sn No |
Date | Time | Event | Person/Team |
Status |
|
1 |
Apr 6, 2021 | 1000 | Apple Safari | Jack Dates | Success |
| 2 | Apr 6, 2021 | 1130 | Microsoft Exchange | DEVCORE |
Success |
|
3 |
Apr 6, 2021 | 1300 | Microsoft Teams | OV | Success |
|
4 |
Apr 6, 2021 | 1430 | Windows 10 | Viettel | Success |
| 5 | Apr 6, 2021 | 1530 | Parallels Desktop | Star Labs |
Failure |
| 6 | Apr 6, 2021 | 1630 | Ubuntu Desktop | Ryota Shiga |
Success |
|
7 |
Apr 6, 2021 | 1730 | Oracle Virtualbox | Star Labs | Failure |
| 8 | Apr 7, 2021 | 0900 | Parallels Desktop | Jack Dates |
Success |
|
9 |
Apr 7, 2021 | 1000 | Google Chrome & Microsoft Edge | Bruno Keith & Niklas BaumStark | Success |
|
10 |
Apr 7, 2021 | 1130 | Microsoft Exchange | Viettel | Partial |
| 11 | Apr 7, 2021 | 1300 | Zoom Messenger | Daan Keuper & Thijs Alkemade |
Success |
| 12 | Apr 7, 2021 | 1430 | Windows 10 | Tao Yan |
Success |
|
13 |
Apr 7, 2021 | 1530 | Parallels Desktop | Sunjoo Park | Success |
| 14 | Apr 7, 2021 | 1630 | Ubuntu Desktop | Manfred Paul |
Success |
|
15 |
Apr 7, 2021 | 1730 | Windows 10 | z3r09 | Success |
| 16 | Apr 8, 2021 | 0900 | Parallels Desktop | Benjamin McBride |
Success |
|
17 |
Apr 8, 2021 | 1000 | Microsoft Exchange | Steven Seeley | Partial |
|
18 |
Apr 8, 2021 | 1130 | Ubuntu Desktop | Star Labs |
Partial |
| 19 | Apr 8, 2021 | 1230 | Windows 10 | Fabien Perigaud |
Partial |
|
20 |
Apr 8, 2021 | 1330 | Parallels Desktop | Alisa Esage | Partial |
| 21 | Apr 8, 2021 | 1430 | Ubuntu Desktop | Vincent Dehors |
Success |
|
22 |
Apr 8, 2021 | 1530 | Parallels Desktop | Da Lao | Success |
| 23 | Apr 8, 2021 | 1630 | Windows 10 | Marcin Wiazowski |
Success |
One glance at the table above would tell you that out of the 23 events scheduled, only 2 failed as the team was not able to complete the task in the allotted time and with 5 Partials, 16 events were a complete success. The 5 partial successes were so-called because the method or bug used was already known before the contest.
For complete results and more details, click here
The reason for concern here is if you count the actual total number of successes then it amounts to 21 out of 23 which amounts to 91% success (including partial wins). This brings a serious thought to our mind “Are the operating systems and software we use so vulnerable by hackers?” I leave you to think and ponder over this and please share your comments in the section below.
Subscribe Now & Never Miss The Latest Tech Updates!