As security researcher Charlie Miller predicted, he successfully gained control of a MacBook through an exploit of the Safari browser for the second year in a row at CanSecWest. Pwn2Own contestants also successfully hacked IE8 and Firefox 3 shortly thereafter.
Putting his money where his mouth is, so to speak, security researcher Charlie Miller exploited Safari in mere seconds to take control of a test MacBook in the Pwn2Own contest held during the CanSecWest security conference. In fact, he did so with a default configuration and all security updates applied. Microsoft's Internet Explorer 8 and Mozilla's Firefox 3 were also successfully exploited later in the afternoon.
This year's Pwn2Own contest—which challenges hackers to "pwn" a laptop—focused on browsers as well as mobile platforms, which are considered to be vulnerable targets for black hats. Contest organizer TippingPoint had a new MacBook running Mac OS X with the latest versions of Safari and Firefox installed, as well as a Sony Vaio P running Windows 7 with the latest versions of Internet Explorer 8, Firefox, and Google's Chrome browser available to attempt exploits of desktop browsers. The company also has a selection of smartphones, including RIM's BlackBerry, Apple's iPhone, T-Mobile's G1 running Android, HTC's Touch running Windows Mobile, and Nokia's N95 running Symbian.
Miller made good on his promise that Safari would be the first browser to be exploited, making this the second year in a row he won the Pwn2Own contest this way. "It took a couple of seconds—they clicked on the link and I took control of the machine," Miller said after the successful hack, according to ZDNet. For his efforts, Miller was awarded $5,000 and the MacBook.
Another security researcher, going only by the name "Nils," successfully hacked into the Vaio using an exploit in the just-released IE8. Contest sponsor TippingPoint called the exploit a "brilliant IE8 bug."
Later, Nils also exploited Safari and Firefox, making him eligible for as much as $15,000 as well as the Sony laptop. So far, no exploits against Apple's iPhone or the other handheld platforms have been reported, though Miller is credited with finding the first flaw in the iPhone's Mobile Safari browser. Miller said he intends to attempt to break into the iPhone during the contest, which ends tomorrow.
All of the exploits used in the contest are kept under wraps until TippingPoint, through its Zero Day Initiative, documents and reports the exploits to the respective vendors and a patch can be made available. ZDI attempts to find and report so-called "zero day exploits" by offering hackers financial incentives, such as the Pwn2Own prizes, to report the exploits responsibly instead of loosing them into the hands of less savory individuals.