Browsers were in the crosshairs yesterday for the first day of hacking competition pwn2own, and the “you don’t need to worry about security for Apple products” set may not be too happy to hear that Apple’s Safari fell within five seconds of French security firm VUPEN trying out their hack, which involved a webpage they had crafted packed with malicious code. The firm won $15,000 and a new MacBook Air for being the first to successfully exploit a browser vulnerability at the competition.
IE8 also fell to the first person who attacked it, security expert Stephen Fewer, who reportedly did it by bypassing Protected Mode.
Chrome, however, did not fall: According to Ars Technica, the hacker who had registered to try his skills against Chrome did not show up: “One possible reason for this is that Google published a Chrome update yesterday, closing at least 24 security flaws. The would-be Chrome attacker may have been depending on one of these flaws to attack the browser. Or he or she may have been unable to produce a reliable attack. Google has sponsored the Chrome hacking contest, awarding extra prize money for Chrome hacks, but with stricter rules for the hacks.”
As for Firefox, it isn’t home free yet: It has been successfully hacked in past pwn2own competitions, and it’s on trial today, along with the four major smartphone operating systems.
(via Ars, ComputerWorld)
Published: Mar 10, 2011 09:20 am