{"id":3063,"date":"2011-03-10T09:39:01","date_gmt":"2011-03-10T09:39:01","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3063"},"modified":"2015-09-09T19:37:17","modified_gmt":"2015-09-09T11:37:17","slug":"day-one-at-pwn2own-takes-out-microsoft-internet-explorer-and-apple-safari","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2011\/03\/day-one-at-pwn2own-takes-out-microsoft-internet-explorer-and-apple-safari\/","title":{"rendered":"Day One At Pwn2Own Takes Out Microsoft Internet Explorer and Apple Safari"},"content":{"rendered":"
Well, it’s March again, and we love March because it’s Pwn2Own<\/a> time! Every year around this time we get some goodies to discuss way back since:<\/p>\n It took Microsoft till June last year to fix the Pwn2Own bug – Microsoft Patches At Least 34 Bugs Including Pwn2Own Vulnerability<\/a>.<\/p>\n This time both Internet Explorer<\/a> and Safari<\/a> fell on the first day!<\/p>\n Contestants in a high-stakes hacking contest had no trouble toppling the Apple Safari and Microsoft Internet Explorer browsers, proving for a fifth year in a row that no software or application is safe from people with the expertise and motivation to exploit them.<\/p>\n The attacks came on Day One of the Pwn2Own contest, which pays more than $15,000 apiece for exploits that successfully give the attacker full remote access of the targeted machine. Wednesday’s event saw hackers take complete control of a fully patched Sony Vaio and MacBook Air by compromising IE and Safari respectively. Google’s Chrome browser was also up for grabs, but no one stepped forward to try hacking it.<\/p>\n \u201cEvery browser, every operating system, has its own vulnerabilities,\u201d said Chaouki Bekrar, CEO of Vupen Security and the contestant who successfully hacked Safari. \u201cThis is what we wanted to demonstrate \u2013 that we can create a very reliable exploit for Apple Mac OS and Safari without even crashing the browser.\u201d<\/p>\n Contest rules forbid him from disclosing most technical details behind the vulnerability, but he was permitted to say that it involved what’s known as a use-after-free flaw in the Apple browser. 
He said the exploit used a technique known as return-oriented programming to bypass a security protection known as data execution prevention that is built into many Apple programs.<\/p><\/blockquote>\n There has been a barrage of patches recently too, with Microsoft patching some very serious bugs in the March 2011 Black Tuesday<\/a>, Apple patches critical Mac bugs with Java updates<\/a>, Apple patching 62 bugs in Safari<\/a> and Jon Oberheide killing his own Android<\/a> bug by reporting it to Google<\/a>.<\/p>\n Also, sadly, one of the Pwn2Own champions, Geohot<\/a>, wasn’t present, most likely due to the shit storm Sony is throwing at him<\/a>.<\/p>\n It’ll be interesting to see what else comes out of Pwn2Own this year.<\/p>\n\n