Safari hacked in seconds at Pwn2Own 2009

IE 8 and Firefox also fall.

Browser security is always a hot issue, and of course all sides claim their browser is better (like kids in a playground). The security of three popular browsers was put to the test recently at Pwn2Own 2009, a competition where hackers attempt to break system security in the fastest time.

Charlie Miller took home the top prize ($10,000) when he hacked a fully patched MacBook Air in a matter of seconds. He did this by exploiting a known vulnerability in Safari. The hack was triggered when the MacBook's user clicked a simple link. Miller also made predictions before the competition, which are shown below. They are surprisingly accurate.

The second-place winner showed off a second Safari hack and was also able to hack both IE8 and Firefox, though not as quickly as Miller's Safari hack. Apple has a long-standing history of claiming to be more secure than Windows, especially Vista; I wonder how they are taking this news.

Be on the lookout for a new commercial.

Here are Miller's predictions:

Safari: hacked by 4 different people. Easy pickin's as usual.

Android: hacked by 1 person. Not too tough but no one owns one.

IE8, Firefox: Survive unscathed. The bugs to exploit equation is too hard for $5k.

iPhone, Symbian: Survive due to non-executable heap.

Blackberry, Windows Mobile, Chrome: I don't know enough to say anything intelligent. That said, they're probably hard/obscure and so survive.

Last year, Miller exploited a Safari flaw to hijack a fully patched MacBook Pro machine. He is also known for launching successful attacks against Apple's iPhone and Google's Android platform.

