Security is one of the most important elements that we must take into account when choosing an operating system for our PC. The normal thing is to always bet on modern and updated operating systems, such as Windows 11, and even Ubuntu. And the same should apply when choosing programs for day to day. But, are we really safe when we use these systems or programs? This is what the Pwn2Own 2022.
Pwn2Own was born as a hacking contest in 2007, and has continued, taking place twice a year, until today. In this contest, the best hackers in the world compete to find the most serious vulnerability in the most used operating systems and programs in order to expose the security of giant software companies, earn money thanks to bounty programs, and help users to enjoy more secure software.
In the three days that this contest has lasted, there has been no puppet with a head. And it has become clear how, regardless of whether we use Windows or Linux, we can perfectly end up in the clutches of hackers.
Windows 11 and Ubuntu have dropped all three days
Interestingly, in this edition the security of Windows 10 has not been tested, but all the tests have been to highlight the (disastrous) security of Windows 11. In this way, the bugs that have been exploited for this operating system have been the following (all of them rewarded with 40,000 dollars):
- An out-of-bounds write bug that allowed elevating privileges within the system.
- A Use-After-Free vulnerability that allowed privileges to be gained on the system.
- A failure in access control that results in the possibility of gaining privileges in the system.
- An integer overflow that allows gaining unwanted permissions on the system.
- An Improper Access Control vulnerability with which to gain privileges in the system.
- A bug of the Use-After-Free type with which to gain permissions in the system.
Of course, all of these bugs have been reported to Microsoft, which has 90 days to fix them via a security patch before information about them is made public.
In the case of Ubuntu, The best-known Linux distro has been similarly affected by 4 security flaws, which can be used to hack its users. Likewise, each of these failures has been rewarded with $40,000:
- Two bugs that can be combined with each other to gain privileges: Out-of-Bounds Write (OOBW) and Use-After-Free (UAF).
- An exploit that allows remote access to any Ubuntu desktop thanks to a Use-After-Free flaw.
- A serious security flaw of the Use After Free type to gain privileges on the system.
- One last bug in Ubuntu Desktop of the Use After Free type that allows you to gain privileges.
Other programs that have fallen
In addition to Windows 11 and Ubuntu, there are other pieces of software that have fallen into the competition. These are the following:
- Microsoft Teams (three failures).
- Oracle Virtual Box.
- MozillaFirefox.
- AppleSafari.
And, as a curious fact, they have also managed to hack the “Infotainment System” of a Tesla Model 3, although the car refused to show its weaknesses in public.
