Safari and IE crumble first in Pwn2Own

gallery

Apple and Microsoft were faced with embarrassment today as their Safari and Internet Explorer (IE) browsers were the first to be hacked in the Pwn2Own contest.

Pwn2Own is being held in Vancouver this week as part of the CanSecWest conference, as researchers sought to highlight vulnerabilities in various pieces of technology.

Chaouki Bekrar, from French firm Vupen Security, was able to crack Safari running on Mac OS X by taking advantage of a vulnerability in WebKit.

Apple has now fixed the flaw with the Safari 5.0.4 release, in which it secured a total of 62 vulnerabilities, but the patch was not issued in time for the Pwn2Own competition.

Stephen Fewer, an Irish security consultant, managed to hack IE8 on a 64-bit version of Windows 7, exploiting three bugs at the same time and even bypassing protected mode.

Both Bekrar and Fewer were handed cash prizes of $15,000 (£9,345).

Although the teams managed to exploit the browsers in minutes, the research that went into finding the holes and exploring ways to take advantage of them could have taken weeks or even months.

Two teams had signed up to take on Google Chrome, but one failed to show up and another decided to pull out.

Google, which this week released Chrome 10, had offered a $20,000 prize for anyone who could hack its browser on the first day.

No researchers turned up to take on Firefox either, after Mozilla updated the browser this week.

The somewhat controversial Pwn2Own contest taking place this week will also see contestants attempt to hack into a range of smartphones, including the Apple iPhone.

Email to a friend

Print this page