Safari hacked in seconds at Pwn2Own 2009

IE 8 and Firefox also fall.

Published Mar 19, 2009 8:10 AM CDT   |   Updated Wed, Jul 27 2022 3:40 AM CDT
Browser security is always a hot issue and of course all sides claim their browser is better (like kids in a playground). The security of three popular browsers was put to the tech recently at Pwn2Own 2009, a competition where hackers attempt to break system security in the fastest time.

Charlie Miller took home the top prize ($10,000) when he hacked a fully patched MacBook Air in a matter of seconds. He did this by exploiting a know vulnerability in Safari. The hack was performed by the MacBook's user clicking a simple link. Miller also made predictions before the competition that are shown below. They are surprisingly accurate.

The second place winner showed off a second Safari Hack and was able to hack both IE8 and FireFox but not as quickly as Safari and Miller. Apple has a long standing history of claiming to be more secure than Windows especially Vista; I wonder how they are taking this news.

Be on the lookout for a new commercial.

Read more here

Safari hacked in seconds at Pwn2Own 2009

Here are Miller's predictions:

Safari: hacked by 4 different people. Easy pickin's as usual.

Android: hacked by 1 person. Not too tough but no one owns one.

IE8, Firefox: Survive unscathed. The bugs to exploit equation is too hard for $5k.

iPhone, Symbian: Survive due to non-executable heap.

Blackberry, Windows Mobile, Chrome: I don't know enough to say anything intelligent. That said, they're probably hard/obscure and so survive.

Last year, Miller exploited a Safari flaw to hijack a fully patched MacBook Pro machine. He is also known for launching successful attacks against Apple's iPhone and Google's Android platform.

Newsletter Subscription

Related Tags

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles