-
March 26th, 2010, 11:21 AM
#1
Major browsers fall on day one of Pwn2Own, Chrome survives
Major browsers fall on day one of Pwn2Own, Chrome survives
For the fourth consecutive time in as many years, three of the most common web browsers have been successfully exploited on day one of Pwn2Own. The annual contest is sponsored by security firm TippingPoint, which challenges hackers and security researchers to attack devices running fully up-to-date versions of the latest browsers and operating systems, and then shares the details with the respective software vendors so they can work on patches.
Not surprisingly there were a few familiar faces showing their exploits at the competition. Just like in 2009 and the year before, Charlie Miller was awarded a cash prize after hacking Safari on a MacBook Pro without having physical access to the machine. Next was Peter Vreugdenhil, who managed to bypass Windows security features including Data Execution Prevention code via Internet Explorer 8 to take over a PC -- receiving $10,000 plus the hardware.
Another former winner known only by his first name, Nils, received $10,000 for exposing a memory corruption flaw in the latest version of Mozilla's Firefox browser. Of all the browsers set up as targets for the contest, only Google's Chrome remained standing on the first day, while Apple's Safari was even saw a second hack centering on the iPhone.
Within minutes of the competition starting, two European researchers, Vincenze Iozzo and Ralf Weinmann, managed to download the SMS database of a fully patched iPhone 3GS simply by visiting a specially crafted website. According to the researchers, while the exploit focused just on the SMS data, the same attack could be designed to access contacts, photos, and other data on the iPhone without the user having any idea an attack was underway.
Before the usual Opera fanboy's chime in, please remember the competition only used "Real Browsers" that actually have marketshare for the competition.
Similar Threads
-
By t34b4g5 in forum Web Security
Replies: 1
Last Post: September 25th, 2009, 02:14 PM
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|