
Confirmed!! Dung and Nguyen (@MochiNishimiya) of STARLabs used a TOCTOU race condition to escape the VM and an Improper Validation of Array Index for the Windows privilege escalation. They earn $70,000 and 9 Master of Pwn points. #Pwn2Own
Outstanding! Nguyen Hoang Thach of STARLabs SG used a single integer overflow to exploit #VMware ESXi - a first in #Pwn2Own history. He earns $150,000 and 15 Master of Pwn points. #P2OBerlin
Confirmed!! Dinh Ho Anh Khoa of Viettel Cyber Security combined an auth bypass and an insecure deserialization bug to exploit #Microsoft SharePoint. He earns $100,000 and 10 Master of Pwn points. #Pwn2Own #P2OBerlin
Announcing #Pwn2Own Berlin! We're moving our enterprise-focused event to @offensive_con and introducing an AI category. More than $1,000,000 in cash & prizes (Incl. a Tesla) are available to win. Check out the details at https://www.zerodayinitiative.com/blog/2025/2/24/announcing-pwn2own-berlin-2025
The WolfBox E40 EV charger is a target in the upcoming #Pwn2Own Automotive. @infosecdj tears one down in his latest blog to find what attack surfaces exist in the device. He also details extracting the firmware. https://www.zerodayinitiative.com/blog/2024/12/2/detailing-the-attack-surfaces-of-the-wolfbox-e40-ev-charger
#Adobe released a surprise update for InDesign that addresses a single OOB Read reported by ZDI security researcher Mat Powell. It's not under active attack, so it's odd to see it released outside of Patch Tuesday. https://helpx.adobe.com/security/products/indesign/apsb24-91.html
In his second blog post covering the #Kenwood DMX958XR IVI, ZDI researcher Connor Ford examines the device's attack surface and lists all the open-source software used, including a 2011 version of OpenSSL. Awkward.
https://www.zerodayinitiative.com/blog/2024/11/20/looking-at-the-attack-surfaces-of-the-kenwood-dmx958xr-ivi
Thinking of participating in #Pwn2Own Automotive? ZDI's Connor Ford provides a detailed look at the internals of the #Kenwood DMX958XR. This is the first in a series detailing the attack surface of the IVI. Read all the details (and gander at the pics) at https://www.zerodayinitiative.com/blog/2024/11/18/looking-at-the-internals-of-the-kenwood-dmx958xr-ivi
[ZDI-24-1515|CVE-2024-11394] (0Day) Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVSS 8.8; Credit: The_Kernel_Panic) https://www.zerodayinitiative.com/advisories/ZDI-24-1515/
[ZDI-24-1514|CVE-2024-11393] (0Day) Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVSS 8.8; Credit: The_Kernel_Panic) https://www.zerodayinitiative.com/advisories/ZDI-24-1514/
Prefer a video wrap of the Patch Tuesday release over the blog? We got you. @TheDustinChilds covers the #Adobe and #Microsoft patches and points out which ones are a bit more than they seem.
It's the penultimate Patch Tuesday of 2024, and there are two active attacks plus 3 (5?) other public bugs to cover. @TheDustinChilds breaks down the latest fixes from #Adobe and #Microsoft in his latest patch blog.
https://www.zerodayinitiative.com/blog/2024/11/12/the-november-2024-security-update-review
Multiple Vulnerabilities in the Mazda Connect Connectivity Master Unit (CMU) - ZDI researcher @infosecdj details several unfixed bugs in the #Visteon IVI found in many Mazda vehicles. He provides root cause and shows how exploitation could occur. https://www.zerodayinitiative.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system
Miss any of the highlights from #Pwn2Own Ireland 2024? Not to worry. Brian Gorenc & @TheDustinChilds cover how we spent $1,066,625 for >70 0-days, crowned a Master of Pwn, and maybe had a little too much fun after hours. https://youtu.be/9IQ7qOi4uaw
Our next event will be January 22-24, 2025 in Tokyo as we return for the second #Pwn2Own Automotive. We hope to see you there.
That's a wrap for #Pwn2Own Ireland 2024! Over the last 4 days, we awarded $1,066,625 for over 70 0-day bugs. That makes 4 contests in a row that exceeded the million-dollar mark. Congratulations to the Viettel Cyber Security team for winning Master of Pwn with 33 points and $205,000.
Our final attempt of #Pwn2Own Ireland is confirmed! PHP Hooligans / Midnight Blue (@midnightbluelab) used an integer overflow to exploit the Lexmark printer and play us a tune. They earn $10,000 and 2 Master of Pwn points.
The Viettel Cyber Security (@vcslab) team ends their run with a collision. They use 2 bugs to exploit the TrueNAS Mini X. They still earn $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OIreland
Sweet! The Viettel Cyber Security (@vcslab) made the last attempt of the contest successful by exploiting the TrueNAS Mini X. For their final time (at least in this event), they head off to the disclosure room to explain what happened. #Pwn2Own #P2OIreland
Nice! PHP Hooligans / Midnight Blue (@midnightbluelab) wasted no time in exploiting the Lexmark CX331adwe. They even made it play a little tune. They are off to the disclosure room to provide the details. #Pwn2Own #P2OIreland