The three day Pwn2Own contest at the CanSecWest security show is on.
And at the end of the day, 3 major browsers, Firefox, Safari and IE8 were successfully exploited.
Also a non-jailbroken iPhone was also hacked and its SMS database was stolen.
Vincenzo Iozzo and Ralf Philipp Weinmann redirected an iPhone to a web site they’d set up, crashing its browser and then stealing its entire SMS database (including some erased messages). It is possible, however, to set up a similar attack to work without crashing the browser, hackers claim, and set up different attack payloads. Iozzo and Weinmann won a $15,000 prize for successfully demonstrating the attack. Details about the attack will be released once Apple is notified and the security hole is patched.
A successful remote attack against a MacBook Pro running the latest version of Apple’s MacOS X was done by Charlie Miller – exploiting a unknown security vulnerability in the Safari browser to launch a remote shell and winning himself $10,000 plus the laptop for his work.
Peter Vreugdenhil managed to bypass Windows security features including Data Execution Prevention code via Internet Explorer 8 to take over a PC (running the latest patched version of Windows 7) – and again receiving $10,000 plus the hardware.
CNET provides all details of the hacks here.
{ 1 comment… read it below or add one }
They’re all just as bad as each other but we can’t exactly point and laugh as they do their best to help secure us. It’s just the hackers are too good at wht they do and are forever finding ways to get around anything put in place to stop them. If the governement can be hacked so can everyone else?