Pwn2Own 2020: Hacker Wins $30,000 For Ubuntu’s Privilege Escalation Bug


Amidst the havoc wreaked by Coronavirus, the annual hacking event Pwn2Own is underway, and for the first time, the contest is being held remotely. At the Pwn2Own first day, several ethical hackers from all over the world participated and demonstrated their capabilities.

Pwn2Own 2020: Day 1

Manfred Paul of RedRocket team won $30,000 and 3 Master of Pwn points by successfully using an improper input validation bug to escalate privileges on a Ubuntu desktop. Paul is a newcomer to the annual hacking event and accomplished his goal in the very first attempt.

A team from Georgia Tech Systems Software and Security Lab won the maximum amount of $70,000 on the first day by targeting Apple Safari. They used a six bug chain to pop calc and escalate to root.

Last year’s winning champion team Fluorescence took home $40,000 by leveraging a UAF in Windows to escalate to SYSTEM.

Pwn2Own 2020: Day 2

On the second day of the event, Phi Phạm Hồng from STAR labs targeted Oracle Virtualbox with using an OOB Read for an info leak. He used an uninitialized variable for code execution on the hypervisor. Phi Pham Hong won $40,000 for it.

Synacktiv team of Corentin Bayet and Bruno Pujos failed to demonstrate their exploit in which they were supposed to target the VMware Workstation in the virtualization category in the provided time.

Anmol Sachdeva

Anmol Sachdeva

Anmol is a tech journalist who handles reportage of cybersecurity and Apple and OnePlus devices at Fossbytes. He's an ambivert who is striving hard to appease existential crisis by eating, writing, and scrolling through memes.
More From Fossbytes

Latest On Fossbytes

Find your dream job