Pwn2Own 2010: IE8, Firefox, Safari and iPhone go down


IE8, Firefox, Safari and iPhone went down in mere minutes at this year’s Pwn2Own contest held at the CanSecWest conference in Vancouver. Here is the rundown according to CNet:

Mobile Safari browser on a fully patched, un-jailbroken iPhone
WHO: Ralf-Philipp Weinmann and Vincenzo Iozzo
HOW: Target is lured to a website hosting an exploit that bypasses the digital code signatures, allowing the attacker to exfiltrate the SMS database (including deleted messages). According to Weinmann and Iozzo, the attack can be designed to steal other data on the iPhone
PRIZE: $15,000

Safari browser on MacBook running Snow Leopard
WHO: Charlie Miller
HOW: Target is lured to a website hosting an exploit that allows a drive-by download and Miller gets a full command shell
PRIZE: $10,000

IE8 running on 64-bit Windows 7
WHO: Peter Vreugdenhil
HOW: Target is lured to a website hosting an exploit – the attack code bypasses ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) – the attacker gains user right on the machine
PRIZE: $10,000

Firefox on 64-bit Windows 7
WHO: Nils (no last name given)
HOW: Target is lured to a website hosting an exploit – the attack code bypasses ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention)
PRIZE: $10,000

The winners say that it took them from a couple of days to a couple of weeks to design the exploits. All vulnerabilities will be revealed to the vendors by TippingPoint Zero Day Initiative – the sponsors of the contest.

Google Chrome hasn’t been targeted by any of the hackers, allowing it to “survive” this first day of the contest. According to Download Squad, Charlie Miller says it’s because the bugs in the browser are extremely difficult to exploit, and because Chrome has a “sandbox model that’s hard to get out of”.




Share this