Monday, March 14, 2011

Pwn2Own: IE8, Safari, iPhone4, BlackBerry Torch hacked

11 March 2011

The first two days of the Pwn2Own cracking contest, held at CanSecWest in Vancouver, were a success, with Google's Chrome and Mozilla's Firefox surviving the best efforts of the cracking contestants.

Crackers successfully 'pwned' (hacked) the Internet Explorer 8 and Apple Safari browsers, however, and vulnerabilities were also exploited on various smartphones, including Apple's iPhone 4 and RIM's BlackBerry Torch 9800.

According to newswire reports, Apple's Safari was the first to be cracked, through a weakness in the open-source browser rendering engine, WebKit. This was followed by Microsoft's IE8, which was found to have three security vulnerabilities.

The Heise Online newswire says that IE8 was cracked by Irish developer Stephen Fewer, "though he had to connect three different security holes to get around the browser's protected mode and other security mechanisms."

The attacks, says the newswire, were anything but easy.

"The 64-bit operating system had all of the current patches, and security mechanisms such as DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomisation) were enabled, all of which had to be overcome to launch the calculator application", the newswire adds.

Heise Online went on to say that the processes of Internet Explorer under Windows 7 all ran at low integrity levels, meaning that code running inside them could not write into normal directories, a capability that was needed to qualify for a complete 'Pwn' in the competition.

"No-one had a go at Chrome; although two parties registered, one did not show up at the competition, and the other told the organisers that they did not have a working exploit", the newswire noted.




source & credit : http://www.infosecurity-magazine.com/view/16574/pwn2own-ie8-safari-iphone4-blackberry-torch-hacked/
