Pwn2Own: Safari and Internet Explorer 8 Hacked

0

On the primary day of the annual competitors of hacking Pwn2Own up to date variations of Safari, Web Explorer eight and Chrome have been put in shifts on the mercy of the specialists gathered on the safety convention CanSecWest . 

The first two perished in the attacks were subjected to, but Google's browser ended the day no one would have dared to try to infiltrate. 


Hack_ars-thumb-640xauto-20201

The goal was the execution of arbitrary code, shown to launch the calculator standard operating system and bypass thesandbox security by creating a text file on your desktop. 

To achieve this, the winner would take the compromised computer and a cash prize. The information about the vulnerabilities exploited are not made ​​public until the browsers' respective developers have had occasion to address them.

The first shift has been to Safari 5.0.3 under Mac OS X 10.6.6 with daily updates, running on a MacBook Air  to achieve successful completion of the attack in five seconds … and two weeks of preparation, of course. Although Apple yesterday released version 5.0.4 of its browser competition rules freeze the software updates a week before the event, but also to take the prize money is necessary that exploited vulnerabilities have not been solved in the last review.. Fortunately for the experts who had prepared the attack continues to operate despite failures corrected yesterday, so we have been able to pocket the $ 15,000 prize.

Internet Explorer 8 was the second to go up to the plate and fall defeated at the first attempt by Stephen Fewer of Harmony Security , which took five or six weeks to prepare his attack. As in the case of the French team and Safari, the researcher had tocombine multiple vulnerabilities and develop their own tools to exploit them . Protection techniques at the operating system are becoming stronger, with techniques such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are much more difficult to exploit the failures of individual programs, in this case the browsers. Of course someone
 
with knowledge and determination can bring down all barriers , but the task is much more complicated than a few years ago.

Also Google's browser running on a laptop with ChromeOS Cr-48 was his turn against attacks from the experts, but the first registration did not appear and the second declined to participate in preparing his attack against BlackBerry in the next day.Perhaps the fact that Chrome was updated yesterday also deterred by the participants if they intended to use the vulnerabilities had been addressed. Google's browser has never been successfully attacked in the three years it has hosted this competition, one of the reasons I have been using it on all my systems. In the coming days will be the turn of Firefox browsers and the iPhone, Blackberry, Android, and Windows Phone 7.

For more  coverage on iHelplounge: 

My Facebook My Twitter My YouTube My TechnoratiMy Flickr   Iphone-post-banner

Follow us on Twitter, subscribe to our Facebook Page, find us on LinkedIn, circle us on Google+