iPhone, Safari on Mac, Firefox and IE 8 all fall on first day of Pwn2Own 2010

The annual CanSecWest Pwn2Own challenge has begun and, already, in day one, the iPhone, Safari on the Mac,  Firefox and Internet Explorer 8 on Windows 7 have all been hacked.  The iPhone went down in 20 seconds via a Safari browser crash.  The exploit allowed Ralf Wenmann and Vincenzo Iozzo to grab the iPhone’s SMS database in 20 seconds.  The two, however, needed two weeks to develop the exploit so the 20 second headline is a bit overblown.  Nonetheless, they got $15,000 and the phone as a prize.

A gentleman by the name of Charlie Miller, for the THIRD YEAR IN A ROW, was able to take down Safari on the Mac.  He used a  ‘clean drive-by’ download against Safari to gain control of the Mac Book.  He set up a web page containing the exploit.  An organizer from the conference then surfed the page and watched as Miller took over the machine.  Miller gets to keep the machine.

A German hacker called ‘Nils’ was able, for the second year in a row, was able to exploit an unknown (by everyone else) vulnerability in Firefox to take over a 64-bit Windows 7 machine.  The exploit was able to defeat two security mechanisms in Windows 7 (ALSR and DEP) to gain access to the computer.  ALSR (Address Space Layout Randomization) and DEP (Data Execution Prevention) are supposed to make it very difficult for malicious code (and, sometimes, legitimate code) from executing and are two of the reasons why Windows 7 is more secure than previous versions of the operating system.

The Internet Explorer 8 hack also managed to circumvent both ALSR and DEP.  Dutchman Peter Vreugdenhil was able to gain the base address of one of IE’s modules (via the ALSR workaround) which, in turn, allowed him to bypass DEP.  He got ten grand and the laptop.

As in previous years, the hackers CHOSE to ignore Linux and Chrome.

All of the hacks and vulnerabilities are to be kept secret until the end of the conference, at which time they are made available to the companies involved.  

For more information on all of the hacks, visit ZDNET.

Reblog this post [with Zemanta]
Digg This


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s