Windows 11 Gets Slaughtered At Pwn2Own, Tesla Model 3 Hacked As Well
The contest awarded a total of $1,155,000 this year, and the biggest payouts were for serious exploits against Microsoft's Teams utility. While Teams isn't technically a part of Windows, it does come bundled with all new installs of Windows 11, which means that these exploits are practically Windows exploits. Hector "p3rr0" Peralta, Masato Kinugawa, and STAR Labs each earned $150,000 for major exploits of the utility.
As far as the Tesla Model 3 goes, Synacktiv were able to demonstrate a sandbox escape exploit on the car's infotainment system. That could allow an attacker to take control of the car's built-in computer and, given another couple of clever exploits, could feasibly be the first step toward a remote attacker taking control of the car's autopilot system. The group earned $75,000 for the bug.
Other targets attacked at Pwn2Own 2022 included Mozilla Firefox (hacked), Apple Safari (hacked), and Ubuntu Desktop (hacked). There were a few failures, although the Zero-Day Initiative—which sponsors the contest—noted that most of the failed hacks were valid, and that the security specialists simply weren't able to get them working within the limited time allotted.
Of course, details of the hacks aren't made public, because they're zero-days, after all. That means they haven't been patched yet, so releasing details of the exploits could allow malicious actors to make use of the bugs. Details will be revealed 3 months from now, by which time Microsoft, Tesla, Apple, and others should have their software all sewn up.