Safari hacked within seconds at Pwn2Own contest

IE8 and Firefox cracked soon after

Safari hacked within seconds at Pwn2Own contest
View more images

19 March 2009 12:34 GMT / By Verity Burns

In just day one of the annual Pwn2Own hacking competition, IE8 and Firefox were cracked within a matter of hours, and Safari floored within seconds.

The champion of the day was a master's student from the University of Oldenburg, who made hacking all three browsers look scarily easy for those who developed them.

Simply known as "Nils", the student said: "It's not as easy as a few years ago.

"Still, browsers have a lot of problems. It's really a lot of codes that are exposed to the internet".

Nils joined security researcher and Pwn2Own regular Charlie Miller who successfully hacked Apple's Safari browser within 10 seconds, using a remote-execution exploit to gain control of the Mac.

This method is an often-used hacker tactic, that entices users to a website infected with malware. Miller walked away with a $5000 prize for the rights to the exploit code he used, which was reported to on-site Apple representatives.

Nils also won himself $5000 and a Sony Vaio for his IE8 bug.

The competition will continue into day 2, offering up a $5000 prize for each additional bug found to down one of the giants. Hackers will be able to have a go at cracking Firefox and Chrome on a PC, or Safari and Firefox on a Mac.

Alongside this, this year's Pwn2Own contest also features a mobile OS hacking contest, awarding a $10,000 cash prize for every vulnerability successfully exploited in the five main mobile operating systems. These include Windows Mobile, Google's Android, Symbian, and the operating systems used by the iPhone and BlackBerry.

Speaking of the benefits of the competition to companies, Miller said: "If it wasn't for the competition, there'd still be these two bugs from this year and last year".

"Apple gets free bugs, I get money and people's computers get fixed".

Related
Full tags
Software, Online, Websites, Safari, Internet Explorer, Firefox, Microsoft, Apple, Mozilla
UK Shopping
Amazon.co.uk, play.com, pixmania.co.uk, Currys.co.uk, Dixons.co.uk, 7dayshop.com, ebay.co.uk
US Shopping
Amazon.com, bestbuy.com, ebay.com

share Subscribe to RSS feeds email story save story print story pdf

Comments

  • The Safari was on a PC right? Not a Mac? Posted by noname, usa
  • "using a remote-execution exploit to gain control of the Mac." Posted by dave, usa
  • so what if they decide to not release the exploits to the industry and sell to black-hat market at much higher price?
     Posted by ben, usa
  • I'm wondering what version of safari, I assume it's not whatever they're developing now.

    @ben: White hat hackers usually aren't complete dicks, they could make plenty exploiting it themselves, and free stuff without the threat of going to jail is always cool     Posted by andrew, usa
  • I believe a different article metioned that the OS and browsers were fully up to date, which to me means official releases, but I could be wrong. Posted by Stubbs, United Kingdom
  • New commercial for M$....

    Hello, i'm Mac..
    And i'm PC...
    Hey Mac, can you count to 10?
    Sure PC... 1..2..3..4...5..6..7..ack pfft WTF!?!?
    (PC uses a remote control to make Mac beat himself into a coma.)
    Cool... working as intended.     Posted by brett, Canada

(Will not be published)

  (Next time sign in to bypass captcha)

Latest in Software

Latest on Pocket-lint.com

About Pocket-lint

Pocket-lint is your one stop shop for gadgets, technology and consumer electronics, bringing you the low-down on the latest televisions, cameras, phones, GPS and much more. Whether it's learning about what's hot in the world of Apple, finding out about the latest home cinema kit from Samsung and Sony or merely seeing what not to buy, we have you covered. So check out our reviews, news, comment, hands-on photo galleries and videos. Enjoy.

Pocket-lint.com poll

Q. Do you want the Droid by Motorola?

Vote YES Vote NO

» LAST TIME
When asked Can iPhone games rival the PSP and DS? 52% said yes and 48% said no

Top 10 Broadband

Compare 50+
broadband packages

Home Broadband »

Top products

tip us on news

Rss feed

Follow us on Twitter