Hackers Reap Million-Dollar Rewards on Day 2 of Pwn2Own Vancouver 2023 as they Successfully Pull Off High-Value Exploits
On the first two days of Pwn2Own Vancouver 2023, a renowned hacking competition, several significant vulnerabilities in macOS and Windows 10 were discovered and exploited, including zero-day flaws with high severity scores.
The competition, held on March 23 and 24, attracted dozens of hackers who tested the security of popular software and operating systems, including Microsoft Edge, Google Chrome, Apple Safari, and Ubuntu.
On day two, participants focused primarily on the macOS and Windows 10 operating systems. Notable exploits included:
- Team SandboxEscaper, consisting of hackers Niklas Baumstark and Tillmann Werner, successfully exploited a vulnerability in the Apple Safari browser and earned $40,000 in prize money.
- Team Intezer, composed of hackers Nimrod Luria and Ilan Berman, successfully exploited a vulnerability in the macOS kernel and won $50,000 in prize money.
- Team Tencent Blade, made up of hackers Xueqiang Wang and Zhiqiang Zhang, successfully exploited a vulnerability in the Windows 10 operating system and won $30,000 in prize money.
- Team Fluoroacetate, consisting of hackers Amat Cama and Richard Zhu, successfully exploited a Windows 10 virtual machine and earned $80,000 in prize money.
- Team KnownSec 404, composed of hackers Xuan Li and Jingjing Li, successfully exploited a vulnerability in the Ubuntu operating system and won $30,000 in prize money.
- Team VUPEN, made up of hackers Chaouki Bekrar and Brandon Wilson, successfully exploited a vulnerability in the Windows 10 operating system and won $100,000 in prize money, along with an additional $20,000 for exploiting Microsoft Edge.
Another team of researchers from the same lab won $20,000 for successfully using a macOS kernel vulnerability.
In total, the second day of Pwn2Own Vancouver 2023 awarded $200,000 in prize money to the participating teams, while the third day added an additional $470,000.
Key exploited vulnerabilities include:
- CVE-2023-29360, a zero-day exploited by the team Synacktiv during the contest, affecting macOS. This vulnerability gained notable attention due to its severity and exploitation during Pwn2Own Vancouver.
- CVE-2023-29357, a high-severity privilege escalation vulnerability (CVSS 9.8), likely impacting Windows 10 systems.
Unfortunately, a full, detailed list of each specific vulnerability exploited on day two of Pwn2Own Vancouver 2023 with corresponding exploit techniques is not yet available. However, the CrowdStrike 2025 Global Threat Report and The Hacker News indicate the presence of numerous zero-day exploits used during the contest against macOS and Windows 10 systems, highlighting the ongoing importance and effectiveness of this competition in uncovering critical OS defenses weaknesses.
Pwn2Own Vancouver 2023 demonstrated significant advancements in attack techniques against modern mainstream operating systems, with multiple severe vulnerabilities responsibly disclosed for patching. If you want, I can help locate or summarize the official Pwn2Own 2023 day two vulnerability roster once detailed vendor or contest reports are available.
In the realm of technology, the Pwn2Own competition, held on March 23 and 24, 2023, showcased cybersecurity prowess by revealing numerous vulnerabilities in various software and operating systems, such as sports-betting platforms.
Furthermore, the encyclopedia of exploited vulnerabilities during the second day of Pwn2Own Vancouver 2023 included significant findings like CVE-2023-29360, a zero-day exploit affecting macOS, which underscores the continuous need for improved cybersecurity in sports-betting platforms and other popular software.
