Safari hacked within seconds at Pwn2Own contest

IE8 and Firefox cracked soon after

19 March 2009 12:34 GMT / By Verity Burns

In just day one of the annual Pwn2Own hacking competition, IE8 and Firefox were cracked within a matter of hours, and Safari floored within seconds.

The champion of the day was a master's student from the University of Oldenburg, who made hacking all three browsers look scarily easy for those who developed them.

Simply known as "Nils", the student said: "It's not as easy as a few years ago.

"Still, browsers have a lot of problems. It's really a lot of codes that are exposed to the internet".

Nils joined security researcher and Pwn2Own regular Charlie Miller who successfully hacked Apple's Safari browser within 10 seconds, using a remote-execution exploit to gain control of the Mac.

This method is an often-used hacker tactic, that entices users to a website infected with malware. Miller walked away with a $5000 prize for the rights to the exploit code he used, which was reported to on-site Apple representatives.

Nils also won himself $5000 and a Sony Vaio for his IE8 bug.

The competition will continue into day 2, offering up a $5000 prize for each additional bug found to down one of the giants. Hackers will be able to have a go at cracking Firefox and Chrome on a PC, or Safari and Firefox on a Mac.

Alongside this, this year's Pwn2Own contest also features a mobile OS hacking contest, awarding a $10,000 cash prize for every vulnerability successfully exploited in the five main mobile operating systems. These include Windows Mobile, Google's Android, Symbian, and the operating systems used by the iPhone and BlackBerry.

Speaking of the benefits of the competition to companies, Miller said: "If it wasn't for the competition, there'd still be these two bugs from this year and last year".

"Apple gets free bugs, I get money and people's computers get fixed".

Full tags

Software, Online, Websites, Safari, Internet Explorer, Firefox, Microsoft, Apple, Mozilla