TL DR: With popular products such as the Tesla Model 3, Apple Safari, Mozilla Firefox, Oracle VirtualBox, VMware Workstation Pro and Microsoft Edge being successfully exploited; please install the necessary updates when they become available.
The annual white hat hacking contest known as Pwn2Own took place last week. Detailed results from all 3 days are available from this link.
Day 3 saw initially two teams attempting to exploit a Tesla Model 3 before one withdrew. The team Fluoroacetate made up of both Richard Zhu and Amat Cama successfully exploited the infotainment system of the Tesla earning them a further $35,000 and the car itself. They earned $375k in total and became the Master of Pwn for 2019. The contest overall distributed $545k for 19 vulnerabilities.
In contrast to previous years the researchers have targeted vulnerabilities other than those within the operating system kernel (defined) to obtain a total system compromise. Only 3 times were exploits on the OS kernel used this year (one exploit was used in conjunction when exploiting each of the web browsers Apple Safari, Microsoft Edge and Mozilla Firefox).
We can expect updates for each of the exploited products over the coming weeks and months (the vendors have up to 120 days to resolve the vulnerabilities before public disclosure). Mozilla released Firefox 66.0.1 and 60.6.1 to resolve the 2 Firefox CVEs (defined) disclosed during the contest.
If you use the affected products, please keep current with the necessary updates. Thank you.