Windows 10 was one of the software packages that fell to exploits on day 1 of Pwn2Own 2020.
For those that don’t know, Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference.
Contestants are challenged to exploit widely used software and mobile devices with previously unknown vulnerabilities.Winners of the contest receive the device that they exploited and a cash prize.
The Pwn2Own contest serves to demonstrate the vulnerability of devices and software in widespread use while also providing a checkpoint on the progress made in security since the previous year.
A total of $180,000 was up for grabs for 9 bugs in 3 categories, and hackers were able to defeat the security mechanisms in three of the most popular desktop operating systems out there.
Due to coronavirus, the annual Pwn2Own event was held virtually, instead of in Vancouver, Canada. The hackers had prepared exploits in advance and sent them to organizers to demonstrate in a live presentation to all participants.
Windows 10 was hacked by Flourescence, a Pwn2Own veteran who used his use-after-free (UAF) bug to gain escalated system privileges in Windows. He won $40,000 for this successful exploit.
All the companies behind these operating systems and software were provided details of the exploits to help them fix the bugs in future updates. The companies are given 90 days to develop security patches. After this time has passed, the bugs are made public.