That’s a wrap for Pwn2Own Miami 2023!
Congratulations to the Masters of Pwn – Claroty! Uri Katz and Noam Moshe of Team82 dominated the competition, succeeding at all 10 of their attempts and earning a total of $98,500 + the $25,000 winner’s bonus.
Welcome to Day 3 of Pwn2Own Miami 2023. We’ll be updating this blog in real time as results become available. For this year’s event, each round will receive the full payout for unique entries.
All results current as of 1300 Eastern (GMT -5)
SUCCESS – Claroty used resource exhaustion in their DoS attack against the Prosys OPC UA Simulation Server. They earn $5,000 and 5 Master of Pwn points.
SUCCESS – Axel Souchet used a null pointer dereference to execute his DoS attack against the Unified Automation UaGateway. He earns $5,000 and 5 Master of Pwn points.
SUCCESS / COLLISION – Claroty was able to execute their RCE attack against the Softing Secure Integration Server. However, one of the bugs in the exploit they used was previously known. They still earn $18,500 and 18.5 Master of Pwn points.
FAILURE – shuffle2 was unable to get their RCE exploit of the PTC KepServerEx working within the time allotted.
Written by admin