Author Topic: Safari successfully exploited in seconds in Pwn2Own contest  (Read 465 times)

Offline DaBees-Knees

Safari successfully exploited in seconds in Pwn2Own contest
« on: March 20, 2009, 12:43:00 pm »
http://arstechnica.com/apple/news/2009/03/safari-successfully-exploited-in-seconds-in-pwn2own-contest.ars

Quote
As security researcher Charlie Miller predicted, he successfully gained control of a MacBook through an exploit of the Safari browser for the second year in a row at CanSecWest. Pwn2Own contestants also successfully hacked IE8 and FireFox 3 shortly thereafter.
Putting his money where his mouth is, so to speak, security researcher Charlie Miller exploited Safari in mere seconds to take control of a test MacBook in the Pwn2Own contest held during the CanSecWest security conference. In fact, he did so with a default configuration and all security updates applied. Microsoft's Internet Explorer 8 and Mozilla's Firefox 3 were also successfully exploited later in the afternoon.
This year's Pwn2Own contest—which challenges hackers to "pwn" a laptop—focused on browsers as well as mobile platforms, which are considered to be vulnerable targets for black hats. Contest organizer TippingPoint had a new MacBook running Mac OS X with the latest versions of Safari and Firefox installed, as well as a Sony Vaio P running Windows 7 with the latest versions of Internet Explorer 8, Firefox, and Google's Chrome browser available to attempt exploits of desktop browsers. The company also has a selection of smartphones, including RIM's BlackBerry, Apple's iPhone, T-mobile's G1 running Android, HTC's Touch running Windows Mobile, and Nokia's N95 running Symbian.
Miller made good on his promise that Safari would be the first browser to be exploited, making this the second year in a row he won the Pwn2Own contest this way. "It took a couple of seconds—they clicked on the link and I took control of the machine," Miller said after the successful hack, according to ZDNet. For his efforts, Miller was awarded $5,000 and the MacBook.
Another security researcher, going only by the name "Nils," successfully hacked into the Vaio using an exploit in the just-released IE8. Contest sponsor TippingPoint called the exploit a "brilliant IE8 bug."
Later, Nils also exploited Safari and Firefox, making him eligible for as much as $15,000 as well as the Sony laptop. So far, no exploits against Apple's iPhone or the other handheld platforms have been reported, though Miller is credited with finding the first flaw in the iPhone's Mobile Safari browser. Miller said he intends to attempt to break into the iPhone during the contest, which ends tomorrow.
All of the exploits used in the contest are kept under wraps until TippingPoint, through its Zero Day Initiative, documents and reports the exploits to the respective vendors and a patch can be made available. ZDI attempts to find and report so-called "zero day exploits" by offering hackers financial incentives, such as the Pwn2Own prizes, to report the exploits responsibly instead of loosing them into the hands of less savory individuals.

Don't sit there feeling smug and safe. Be alert and safe.  8)

Offline White Stripes

  • Je suis aimé
Re: Safari successfully exploited in seconds in Pwn2Own contest
« Reply #1 on: March 21, 2009, 06:14:00 am »
Quote
As security researcher Charlie Miller predicted, he successfully gained control of a MacBook through an exploit of the Safari browser for the second year in a row at CanSecWest.

for a moment there i thought you were posting an old article... apple really needs to pull their heads out before they become the next MS.... oh... wait... nvm... ;)

interesting opera isn't mentioned... (??)

and i know i probably sound like a broken record at this point but i really recommend visiting www.secunia.com and either using their online scan or downloading the PSI software.... you might have a lot of out-of-date/unpatched stuff and not even know it... (shockwave/adobe flash is an exceptional bug magnet...)
