Hackers take down iPhone, Safari, IE8 and Firefox in one day at Pwn2Own

Microsoft, Apple and Mozilla security breached

Hackers took down Apple's iPhone and Safari browser, Microsoft's Internet Explorer 8 (IE8) and Mozilla's Firefox within minutes at today's Pwn2Own contest, as expected.

The two-man team of Vincenzo Iozzo and Ralf-Philipp Weinmann exploited the iPhone in under five minutes, said a spokeswoman for 3Com TippingPoint, the security company that sponsored the contest. The pair also walked away with $15,000 in cash, a record prize for the challenge, which is in its fourth year.

Iozzo, an Italian college student, works for Zynamics GmbH, the company headed by noted researcher Thomas Dullien, better known as Halvar Flake, while Weinmann is a post-doctoral researcher at the Laboratory of Algorithms, Cryptology and Security at the University of Luxembourg.

Weinmann is probably best known for being part of a three-man team that in 2007 demonstrated how to crack the Wi-Fi security protocol WEP much faster than previously thought possible.

Charlie Miller, an analyst at Independent Security Evaluators, brought down Safari on a MacBook Pro running Snow Leopard for a three-peat at Pwn2Own.

Miller won prizes in both 2008 and 2009 by hacking a Mac; last year, Miller cracked Safari in just 10 seconds. For his work today, Miller walked off with the notebook and $10,000 in cash. No one else has won at Pwn2Own three times.

When his turn came, Pwn2Own newcomer Peter Vreugdenhil successfully exploited a vulnerability in IE8 running on Windows 7 with attack code called "technically impressive" by TippingPoint because it bypassed the operating system's Data Execution Prevention, or DEP, security mechanism, which is designed to stop most attacks.

Like Miller, Vreugdenhil, a freelance vulnerability researcher from the Netherlands, earned a $10,000 prize. Another former winner, a German computer science student known only by his first name, Nils, was awarded $10,000 for hacking Firefox on Windows 7.

Of the browsers set up as targets for the contest, only Google's Chrome remained standing on the first day.

TippingPoint does not release details of the vulnerabilities exploited for Pwn2Own, but instead purchases the rights to the flaws and exploit code as part of the contest. It then turns over information to the appropriate vendors, who all had representatives on hand.

Only after the vendor has plugged the hole does TippingPoint disclose details of each flaw.

If history is any indication, vendors will push out patches for the exploited vulnerabilities fairly quickly. In 2008, for example, Apple took just three weeks to patch the Safari bug that Miller used to win $10,000 at his inaugural Pwn2Own.

Mozilla beat that record last year when it updated Firefox a week after Nils exploited the browser.

