Pwn2Own 2021 – Day 2: a security duo earned $200,000 for a zero-interaction Zoom exploit allowing remote code execution.

One of the most interesting working exploits of the second day of the Pwn2Own 2021 was demonstrated by security researchers Daan Keuper and Thijs Alkemade from Computest. The duo successfully targeted Zoom Messenger in the Enterprise Communications category, the white-hat hackers chained three bugs to get code execution on the target system without user interaction. The duo earned $200,000 and received 20 Master of Pwn points.

Confirmed! The duo of Daan Keuper and Thijs Alkemade from Computest used a 3-bug chain to exploit #Zoom messenger with 0 clicks from the target. They win $200,000 and 20 points towards Master of Pwn. #Pwn2Own pic.twitter.com/dLFpH1uq8G— Zero Day Initiative (@thezdi) April 7, 2021The attack scenario sees the victim receiving a meeting invitation, but the bug chain is triggered even if the victim did not click anything.

We’re still confirming the details of the #Zoom exploit with Daan and Thijs, but here’s a better gif of the bug in action. #Pwn2Own #PopCalc pic.twitter.com/nIdTwik9aW— Zero Day Initiative (@thezdi) April 7, 2021The second highest payout of the day was assigned to the security researchers Bruno Keith and Niklas Baumstark of Dataflow Security who earned $100,000 for demonstrating an exploit for Chrome and Microsoft Edge web browsers.

“The team used a Typer Mismatch bug to exploit the Chrome renderer and Microsoft Edge. Same exploit for both browsers. They earn $100,000 total and 10 Master of Pwn points.” states the post published on the official site of the competition.

Confirmed! The @dfsec_it team of @bkth_ & @_niklasb used a Typer Mismatch bug to exploit the #Chrome renderer and #Microsoft #Edge. They earn $100,000 total and 10 Master of Pwn points. #Pwn2Own pic.twitter.com/6mpl5GPz6c— Zero Day Initiative (@thezdi) April 7, 2021Jack Dates from RET2 Systems and Sunjoo Park (aka grigoritchy) exploited a logic bug to execute code on the underlying operating system through Parallels Desktop. The expert earned $40,000 and received 4 Master of Pwn points.

Manfred Paul earned $30,000 and 3 points towards Master of Pwn targeting Ubuntu Desktop, the hacker exploited an OOB Access bug to escalate to a root user on Ubuntu Desktop.

Day two ended with the success of a researcher that uses the moniker z3r09 targeting Windows 10. z3r09 exploited an integer overflow issue to escalate his permissions up to NT AuthoritySYSTEM. He earned $40,000 and 4 Master of Pwn points.

The only partial success of the day was the result of the attempt of Team Viettel targeting Microsoft Exchange in the Server category.

Team Viettel successfully demonstrated their exploit on the Exchange server, but some of the bugs chained by the team had been previously reported in the contest. Anyway the team received 7.5 Master of Pwn points.

On the first day of the competition, participants earned more than half a million dollars for demonstrating to five working exploits out of seven attempts.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own 2021)

The post Pwn2Own 2021 Day 2 – experts earned $200K for a zero-interaction Zoom exploit appeared first on Security Affairs.