Pwn2Own: Safari & IE8 Hacked, Firefox & Chrome Stand Strong

Have you noticed that some of your web browsers have been updated and patched recently? There is a reason for that: the Pwn2Own contest has started, and the popular web browser vendors are taking the opportunity to update and patch their browsers for better security. For those new to Pwn2Own, it is a computer hacking contest held at the annual CanSecWest security conference, beginning in 2007. Participants attempt to exploit software, especially web browsers, and a winner receives the device or computer that was successfully exploited along with a large cash prize.

The first target to fall was the Safari web browser: Safari version 5.0.3 running on a fully patched Mac OS X 10.6.6. The first to exploit it, or as ITSC should call them, the winners, were from VUPEN, a French security firm. Five seconds after the browser visited their specially crafted malicious web page, the exploit had both launched the platform calculator application and written a file to the hard disk to demonstrate that the sandbox had been bypassed.

The second target to fall was Microsoft Internet Explorer 8, but unlike Apple, Microsoft did not release any patch prior to the Pwn2Own event. The winner was Stephen Fewer, a security researcher for Harmony Security. Just as with Safari, the contestant launched the Windows calculator program and then wrote a file to the hard disk. The contestant also mentioned that his exploit relied on three separate vulnerabilities: two to achieve code execution within the browser and the last to escape IE Protected Mode. It took him five to six weeks to create this exploit.

What about Google Chrome and Mozilla Firefox? It was announced that the contestant for Chrome did not show up, probably because Google's last-minute patch for Chrome fixed 24 security holes. This was despite the prize for hacking Google Chrome being valued higher than the prize for Safari or IE. As for Firefox, the contestant, Sam Thomas, stated that his exploit was not stable at that time. Opera was not chosen, probably because it is less popular; the browsers mentioned so far in this article are all the popular web browsers on the internet.

Apart from web browsers, an iPhone 4 running iOS 4.2.1 and a BlackBerry running BlackBerry OS were both exploited. The iPhone 4 was exploited by Charlie Miller and Dion Blazakis, and the BlackBerry by Vincenzo Iozzo, Willem Pinckaers and Ralf-Philipp Weinmann. Besides the platforms and web browsers mentioned above, the targets still to be tested were Android and Windows Phone 7, whose contestants did not show up during the event. For IT security news from Pwn2Own 2011, stay tuned with ITSC.

About Alan Tay

This blog is owned and operated by myMediaInc. My Media operates content based online portals for IT professionals, technology managers and decision makers as well as business leaders. We publish original quality content focused in Software Development, IT Security, SaaS, Cloud Computing, Outsourcing, Project Management and Mobile and Wireless. Our mission is to explore how to help you optimize your resources in each of these areas.
