Hackers Exploit IE, Blackberry, Safari at Pwn2Own

Researchers were able to crack into IE8, iPhone, Safari 5.0.3, and Blackberry at the Pwn2Own contest at the CanSecWest security conference in Vancouver this week and win $15,000 prizes.

According to HD Moore of Rapid7, the Pwn2Own contest is a yearly “reality check on how well the vendors are doing and which ones are actually improving. Apple, via Safari, has been consistently compromised… By comparison, Microsoft is actually improving, since more than one exploit was required to fully compromise the target system,” he told USA Today.

Three-time Pwn2Own champion Charlie Miller and Dion Blazakis, both from Baltimore-based Independent Security Evaluators, were able to crack into the iPhone by using a vulnerability in the Safari Web browser, reports PCmag.

Ireland-based researcher Stephen Fewer of Harmony Security was able to hack Internet Explorer 8 by exploiting several bugs to defeat memory protections and sidestep Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) while using IE 7, reports CNET. Jerry Bryant of the Microsoft Security Response Center told Computerworld that the company was already working on a fix, and that IE didn’t contain the bug that Fewer used.

“The vulnerability was addressed in the RC [release candidate] and RTM [release to the Web] versions of Internet Explorer 9,” said Bryant. “This update is already in the pipe for down-level versions [older versions] of Internet Explorer,” he added.

Microsoft launched IE 9 a month ago, and the final code will be available for download on March 14. According to Computerworld, IE 9 holds less than 1 percent of the market, while older versions hold 99 percent, and users of those versions will have to wait for a patch. Microsoft did not give a specific timeframe for delivering one.

In addition to the IE 8 hack, three security researchers from Europe, including past Pwn2Own winners Vincenzo Iozzo and Ralf-Philipp Weinmann and Willem Pinckaers, were able to crack RIM’s open-source WebKit browser to get information from the Blackberry, reports PCmag.

For a variety of reasons, no hacker took a crack at Chrome or Firefox, which are “still standing,” as Matt Cutts boasted on Twitter.

About This Author

Rosa is a professional journalist who holds a minor in Communications (print journalism), as well as a Bachelor’s and a Master’s degree in International Affairs. We are extremely pleased that she has joined our team.
