$200k for winning Pwn2Own research competition on Zoom! #cybersecurity #bugbounty #hacking #techtok

Pwn2Own is a bi-annual security research and hacking competition that challenges individuals to find previously unknown vulnerabilities in fully patched, commonly used software. In a recent edition of this competition, two Dutch researchers focused on Zoom and managed to win the part of the competition related to this software by chaining together three complex vulnerabilities.

The most significant vulnerability they found was a buffer overflow identified as "param 13". A buffer overflow occurs when more data is written to a buffer than the memory allocated for it can hold, so the excess spills into adjacent memory. The researchers were able to send an encrypted message that triggered this buffer overflow.

By chaining this buffer overflow with two other vulnerabilities that helped bypass memory protection mechanisms, they achieved remote code execution on a fully patched Windows machine with no user interaction required.

This means that the researchers could execute arbitrary code on the target machine, all without any action from the user. Zoom has since fixed these vulnerabilities, which is how this information has come to light. For their efforts and discoveries, the researchers were awarded $200,000.

Keywords

  • Pwn2Own
  • security research
  • hacking competition
  • Zoom vulnerabilities
  • buffer overflow
  • remote code execution
  • encrypted message
  • memory protection bypass
  • bug bounty
  • cybersecurity

FAQ

Q: What is Pwn2Own?
A: Pwn2Own is a bi-annual security research and hacking competition that encourages participants to find previously unknown vulnerabilities in fully patched, common software.

Q: What did the Dutch researchers focus on?
A: The researchers focused on Zoom to identify vulnerabilities.

Q: What kind of vulnerability was the biggest finding in their research?
A: The most significant finding was a buffer overflow related to "param 13".

Q: How did the researchers achieve remote code execution?
A: They achieved remote code execution by chaining together the buffer overflow with two other vulnerabilities that bypassed memory protection mechanisms.

Q: Was any user interaction required for the attack?
A: No, the remote code execution was achieved with no user interaction necessary.

Q: Has Zoom fixed these vulnerabilities?
A: Yes, Zoom has fixed these vulnerabilities.

Q: What was the monetary reward for the researchers' findings?
A: The researchers were awarded $200,000.