During the first day of the Pwn2Own 2020 hacking festival, competitors won a minimum of $180,000 to show hacks affecting Windows 10, Ubuntu Desktop, and macOS.
Pwn2Own usually conducted at the CanSecWest Cyber Security Conference in Vancouver, Canada, and attendees will participate in person. Nonetheless, owing to issues linked to the outbreak of COVID-19 coronavirus, the promoter of the game, the Zero Day Initiative (ZDI), has announced that the contest would be entirely interactive for the first time.
During the first day of Pwn2Own 2020, the Georgia Tech Systems Technology & Protection Lab team successfully deployed macOS technology via Safari. Their exploit chain, which included pressing a calculator via Safari and increasing privileges to root by chaining six separate vulnerabilities, won the $70,000.
as per zerodayinitiative.com
Day One – March 18, 2020
1000 – The Georgia Tech Systems Software & Security Lab (@SSLab_Gatech) team of Yong Hwi Jin (@jinmo123), Jungwon Lim (@setuid0x0_), and Insu Yun (@insu_yun_en) targeting Apple Safari with a macOS kernel escalation of privilege.
SUCCESS – The team from Georgia Tech used a six bug chain to pop calc and escalate to root. They earn $70,000 USD and 7 Master of Pwn points.
Manfred Paul of the RedRocket CTF team claimed $30,000 for a local privilege escalation targeting Ubuntu Desktop. His attack leveraged an erroneous flaw in the validation of data.
Amat Cama and Richard Zhu of Team Fluoroacetate have won $40,000 for local privilege escalation, targeting Windows 10. Zhu has earned another $40,000 for another privilege escalation attack against Windows 10.
Cama and Zhu also took an interest in Pwn2Own, and their attacks won them hundreds of thousands of dollars. They also won the Tesla Model 3 last year after cracking their web browser.
On the second day of Pwn2Own 2020, the participants should attempt to access Oracle VirtualBox, VMware Workstation, and Adobe App.