The Zero Day Initiative’s Pwn2Own Toronto 2023 hacking competitors concluded on Friday with two new zero-day exploits, bringing the full demonstrated vulnerabilities to 58.
Over the course of 4 days, members efficiently exploited routers, printers, sensible audio system, NAS merchandise, surveillance methods, and cellphones, incomes greater than $1 million in rewards.
Following a busy first day of the competitors, when 18 exploits have been demonstrated and greater than $400,000 earned in rewards, members showcased 15 exploits on the second day, eight on the third day, and three on the final day.
The best reward, of $100,000, was awarded on the second day of the competition to Chris Anastasio, for bugs within the P-Hyperlink Omada Gigabit router and one within the Lexmark CX331adwe printer.
All through the competitors, workforce Viettel demonstrated a number of exploits, incomes a complete of $180,000 in rewards. Staff Orca of Sea Safety was additionally in a position to efficiently reveal a number of exploits, incomes roughly $116,000, whereas Pentest Restricted earned $90,000 in rewards.
Interrupt Labs, Star Labs SG, a Devcore intern, ANHTUD, Claroty, workforce ECQ, Sina Kheirkhah, Binary Manufacturing facility, Synacktiv, Rafal Goryl, Sonar, ToChim, Nguyen Quoc Viet, and others additionally demonstrated profitable exploits, although not all of them focused new vulnerabilities.
A number of the demonstrated exploits chained two or three vulnerabilities, however most of them have been single-bug exploits. Most of the exploits led to distant code execution.
All of the vulnerabilities have been reported to the distributors, who’ve 90-days to handle them earlier than particulars are made public.
The entire paid out at Pwn2Own Toronto 2023 was greater than final 12 months, when 26 contestants signed up for 66 exploits and earned near $1 million all through the four-day occasion.