
Safari once again falls first at Pwn2Own

Posted on 10/03/2011


Security experts from the French penetration-testing firm VUPEN have taken the cake by exploiting a zero-day vulnerability in the Safari browser on a MacBook.

Chaouki Bekrar from VUPEN was able to compromise the browser by having it visit a rigged website, after which he successfully ran a calculation program. He did it on a MacBook that was fully up to date and running a 64-bit copy of OS X. He mentioned that the vulnerability lay in the popular open-source WebKit, which is used for rendering web pages in the browser.

The team did say the exploit was difficult to build because of the lack of extensive documentation on exploiting the 64-bit version of OS X. It seems that WebKit has quite a number of vulnerabilities in it, but since there were barely any written resources, they had to do everything from scratch. The team took home $15,000 for their efforts. Since then Apple has released an update for the mobile and desktop operating systems.

Internet Explorer 8 was the next to fall as Irish security researcher Stephen Fewer hacked it on a Sony Vaio running a 64-bit edition of Windows 7 with the latest updates including Service Pack 1. It took him much longer though, at just about 6 weeks, but his persistence got him $15,000 and a Sony Vaio. Microsoft has accepted the loss, saying that IE9 promises a big step up in terms of Internet security.

Google Chrome remained unhackable for the third time in a row, mainly because of the constant updates it receives backed by an intense security team at Google. They offered a $20,000 prize for whoever could break it, but it seems the money is still safe in the bank.

Finally, Mozilla’s Firefox put up a much better fight this year, with no one being able to hack it this round. Congrats to them, because Firefox was taken down in the 2010 competition.

The contest continues with a new focus on infiltrating mobile device operating systems, with the target phones being the iPhone 4 running iOS, a Nexus S running Android, a BlackBerry Torch 9800 running BlackBerry 6 OS, and the Dell Venue Pro running Windows 7.
