Safari and IE8 Were the First to Fall at Pwn2Own

Every year, Pwn2Own sees security experts and hackers attempt to hack into machines by exploiting vulnerabilities in the computers' browsers. This year, both Apple and Google released last minute updates before the competition started. Despite this, Safari was the first to fall. Ars Technica reports that VUPEN, a French security company and the first to take a shot at Apple's browser, had gained control of the fully-patched Mac OS X 10.6.6 MacBook five seconds after the browser visited its specially-crafted web page. Despite Apple's update to Safari, the exploit still worked in version 5.0.4.

Next to go was Internet Explorer, which didn't receive an update prior to the competition. Stephen Fewer of Harmony Security managed to beat the 32-bit version of Internet Explorer 8 running on 64-bit Windows 7 Service Pack 1 using three separate vulnerabilities. Two of these were to achieve successful code execution within the browser, with the third being needed escape IE's Protected Mode sandbox. Fewer told Ars that it took him five to six weeks to put together the attack.

The hacker scheduled to take on Google’s Chrome on a Cr-48 Chrome OS notebook was a no-show.

Read more about the exploits and the hackers that beat Safari and IE8 on Ars Technica.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
28 comments
Comment from the forums
    Your comment
  • sabot00
    No surprises.
    2
  • kilo_17
    It fascinates me how they can crack these browsers in seconds.
    1
  • enzo matrix
    kilo_17It fascinates me how they can crack these browsers in seconds.

    Why? Considering:
    Fewer told Ars that it took him five to six weeks to put together the attack.
    4