13th April 2021, Kathmandu
The Spring 2021 edition of the Pwn2Own hacking contest ended last week on April 8 with a three-way tie between researchers from Team Dev core, OV and Computes, Daan Keuper, and Thijs Alkemade.
A total of $ 1.2 million was awarded for 16 high-level achievements during the three-day virtual event hosted by the Zero Day Initiative (ZDI).
Targets with successful attempts included zoom operating systems, Apple Safari, Microsoft Exchange, Microsoft Teams, Parallels Desktop, Windows 10, and Ubuntu Desktop.
The technical details of the flaws are not yet clear, and Zoom has a 90-day window to resolve any issues before they are made public. We have contacted Zoom and will update the story if we get a response.
In a statement sharing the findings, the Dutch security firm said researchers “were then able to take almost complete control of the system and perform actions such as turning on the camera, turning on the microphone, reading e-mails, check the screen and download the browser history. “
Independent researcher Alisa e sage also made history as the first woman to win Pwn2Own after finding a bug in Parallels virtualization software. But she only got a partial victory for the reasons that the issue had been reported to ZDI prior to the event.