
Safari and IE8 Were the First to Fall at Pwn2Own

Source: Ars Technica

Apple's Safari browser was the first to fall at the annual Pwn2Own hacking contest taking place at the CanSecWest conference in Vancouver.

Every year, Pwn2Own sees security experts and hackers attempt to hack into machines by exploiting vulnerabilities in the computers' browsers. This year, both Apple and Google released last-minute updates before the competition started. Despite this, Safari was the first to fall. Ars Technica reports that VUPEN, a French security company and the first to take a shot at Apple's browser, gained control of the fully patched Mac OS X 10.6.6 MacBook five seconds after the browser visited its specially crafted web page. Despite Apple's update to Safari, the exploit still worked in version 5.0.4.

Next to go was Internet Explorer, which didn't receive an update prior to the competition. Stephen Fewer of Harmony Security managed to beat the 32-bit version of Internet Explorer 8 running on 64-bit Windows 7 Service Pack 1 using three separate vulnerabilities. Two of these were used to achieve code execution within the browser, and the third was needed to escape IE's Protected Mode sandbox. Fewer told Ars that it took him five to six weeks to put together the attack.

The hacker scheduled to take on Google’s Chrome on a Cr-48 Chrome OS notebook was a no-show.

Read more about the exploits and the hackers that beat Safari and IE8 on Ars Technica.


Comments
sabot00 03/11/2011 3:25 AM

No surprises.

kilo_17 03/11/2011 3:34 AM

It fascinates me how they can crack these browsers in seconds.

enzo matrix 03/11/2011 3:44 AM

kilo_17 :
It fascinates me how they can crack these browsers in seconds.


Why? Considering:
Fewer told Ars that it took him five to six weeks to put together the attack.

JohnnyLucky 03/11/2011 3:46 AM

Do the hackers reveal their methods?

Mr_Bojangles 03/11/2011 3:48 AM

kilo_17 :
It fascinates me how they can crack these browsers in seconds.



It fascinates me how people can take things so widely out of context. The amount of preparation is what you should look at, not the time frame within which the attack was executed.

JMcEntegart 03/11/2011 3:51 AM

kilo_17 :
It fascinates me how they can crack these browsers in seconds.



They come up with the exploits prior to the contest and then when the contest starts it's just a case of just running it. Still very impressive, though. Particularly when you consider the fact that Apple patched Safari the day before the competition. That could easily have neutralized VUPEN's exploit.

masterjaw 03/11/2011 4:19 AM

This only shows that Apple is no better than Microsoft in terms of security. The ones who claim that "Mac OS is more secure than Windows" is because of its Unix nature, not because of Apple. Heck, even Mac OS is easily defeated during hacking events.

Makes you wonder how our security landscape would be if Apple did get 70-80% of the world's computing resources.

molo9000 03/11/2011 4:31 AM

These headlines are misleading!
Who falls first, second, third, etc. is all down to how the event is scheduled.

chick0n 03/11/2011 4:49 AM

masterjaw :
This only shows that Apple is no better than Microsoft in terms of security. The ones who claim that "Mac OS is more secure than Windows" is because of its Unix nature, not because of Apple. Heck, even Mac OS is easily defeated during hacking events. Makes you wonder how our security landscape would be if Apple did get 70-80% of the world's computing resources.



Steve will come out and say :

"You use the internet wrong."

slothy89 03/11/2011 6:04 AM

JohnnyLucky :
Do the hackers reveal their methods?

Yes they do, to the owners of the failed software so they can patch the exploits. These guys are known as "White Hat" hackers, or Crackers.

No, they do not publish them publicly to allow "Black Hat" hackers to exploit them for malicious purposes.

This is a professional event designed to test and FIX issues with the world's popular browsers and OSes.

bsbsbsbs 03/11/2011 6:37 AM

Can basically anything be hacked?

Yes it can.

What was that quote from BTTF? Oh yeah, "If you put your mind to it, you can accomplish anything." Marty to George McFly.

jimmysmitty 03/11/2011 7:15 AM

I just wonder where IE9 and FF4.0 came in. Both are great browsers.

As for Safari, it shows just how vulnerable Mac OSX really is. Since Apple doesn't have many viruses, they don't worry about patching holes. I can imagine if a bad virus got out, a lot of Mac fans would be pissed.

But Jobs would just tell them they are using it wrong anyways.

virtualban 03/11/2011 9:41 AM

Quote : The hacker scheduled to take on Google’s Chrome on a Cr-48 Chrome OS notebook was a no-show.

Funny, and let's have a conspiracy theory about this too ;)

endgadget 03/11/2011 10:15 AM

"Safari and IE8 Were the First to Fall at Pwn2Own"

Shouldn't that be, "Safari was the first to fall at Pwn2Own"?

Pherule 03/11/2011 11:08 AM

Would be interesting to see where Firefox with Adblock/Noscript/WOT protection would come in.

house70 03/11/2011 1:39 PM

endgadget :
"Safari and IE8 Were the First to Fall at Pwn2Own" Shouldn't that be, "Safari was the first to fall at Pwn2Own"?


Yes, but that would be tantamount to admitting that Safari (an Apple product) is less secure than IE8 (a Microsoft product). You will not see such a thing on certain websites, this one included.

Shodar 03/11/2011 3:06 PM

virtualban :
Funny, and let's have a conspiracy theory about this too



The hacker for Chrome must have been a no-show because he was too busy fighting off the army of Androids that Google sent out to hunt him down and "take him out".

molo9000 03/11/2011 3:08 PM

house70 :
Yes, but that would be tantamount to admitting that Safari (an Apple product) is less secure than IE8 (a Microsoft product). You will not see such a thing on certain websites, this one included.


LOL
This isn't Hollywood. What the hackers do at pwn2own is execute attacks that were prepared and tested long before the event even started.
Which system falls first is determined by the organizers, who decide when a hacker gets to attack what, and has nothing whatsoever to do with security.

virtualban 03/11/2011 3:17 PM

Shodar :
The hacker for Chrome must have been a no-show because he was too busy fighting off the army of Androids that Google sent out to hunt him down and "take him out".


LOL

Anonymous 03/11/2011 5:43 PM

@molo9000

or the hacker could have failed at compromising the system, which has everything to do with security.....

falchard 03/11/2011 6:59 PM

Chrome wins with poorly written code. The hackers have difficulty understanding it, and everyone has difficulty writing programs for it.

Still this is quite an achievement for Microsoft. Safari cracked using an exploit from 5 iterations ago. IE8 requires 3 different hacks and it took weeks to develop. I am sure the same preparation would be needed for Firefox.

molo9000 03/11/2011 7:08 PM

CompleteControl :
@molo9000 or the hacker could have failed at compromising the system, which has everything to do with security.....


Yes but "first to fall" is meaningless.

SteelCity1981 03/11/2011 8:52 PM

Quote : The hacker scheduled to take on Google’s Chrome on a Cr-48 Chrome OS notebook was a no-show


That's because some big black dressed men came to his door beforehand warning him. lol

Anonymous 03/11/2011 9:07 PM

@molo9000

agreed, order of precedence has no impact whatsoever, a failure is a failure no matter who goes first or last

K2N hater 03/12/2011 12:52 PM

Both Windows and MacOS are made for beginners so neither Apple nor MS care about advanced users and unusual usage. Security will never be a concern to them.

Guess why no-one complains about Linux security...

Anonymous 03/12/2011 6:53 AM

Ummm...My guess would be the like .5% market-share of Linux. I can guarantee you the Windows is far more secure than Linux.

SAL-e 03/15/2011 1:00 AM

Ralifin :
Ummm...My guess would be the like .5% market-share of Linux. I can guarantee you the Windows is far more secure than Linux.


Ummm... Most of the Internet is running on Linux servers, practically all supercomputers are running Linux. And in the first competition by Pwn2Own there was a PC running Ubuntu. The event ended and the only un-hacked computer standing was the Ubuntu PC. Just because BestBuy doesn't sell Linux desktops and only knowledgeable users wipe Windows and install Linux doesn't mean that Linux is not secure. In fact Linux was first to be attacked in the past. Before hackers started hacking desktops they were targeting the servers. On the server market Linux is #1. With the right support from smart and knowledgeable administrators, Linux is damn difficult to crack (not impossible of course). MS has made some great improvements to Windows, but the legacy code is still a huge problem. The biggest problem is the arrogant/ignorant and borderline stupid users and nobody can fix that.

eddieroolz 03/16/2011 9:20 AM

What do you expect from Apple.

Meanwhile, IE8 is, despite a lot of patches, full of holes as I see...
