Pwn2Own Hackers Take Down IE8, iPhone, Safari2:45 PM EST Thu. Mar. 25, 2010
The annual Pwn2Own contest held at the CanSecWest hacker conference in Vancouver, B.C. has already claimed its first round of victims. Included in the wave of fallen Web browsers hacked by security buffs were Internet Explorer 8, Firefox 3.6.2 on 64-bit Windows 7, Safari on OS X and the Apple iPhone.
Vincenzo Iozzo of German security company Zynamics and researcher Ralf-Phillipp Weinmann, from the University of Luxemboug, claimed victory for a successful iPhone hack by circumventing code signing and data execution prevention features that blocked hackers from running arbitrary code. Both Iozzo and Weinmann not only successfully exploited the iPhone zero-day, they found a way to gain access to the entire SMS database and view deleted text messages, which they uploaded to a server.
For the third year in a row, Charlie Miller took the top prize for the OS X hack after finding a critical Safari vulnerability on the MacBook.
Researcher Peter Vreugdenhil was able to break into IE 8 by bypassing both the Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) functions.
A critical vulnerability was also exploited on the latest version of Mozilla Firefox 3.6.2 by U.K.-based MWR Info Security researcher known only as "Nils." As with IE 8, Firefox was successfully exploited when Nils bypassed the ASLR and DEP functions.
However, neither the Firefox nor the IE 8 exploit could overcome the sandboxing features in Windows 7 Protected Mode.
Thus far, the only browser yet untouched was Google's Chrome. Google issued an update to Chrome that patched an array of security flaws in the browser days before the Pwn2Own contest was scheduled to begin.
Meanwhile, details of the other hacks have yet to be revealed. Contestants are contractually prohibited from publicly disclosing the vulnerabilities until the appropriate vendors have been notified and had a chance to patch the affected systems.