Safari, IE hacked first at Pwn2Own

Apple, Microsoft browsers drop to first shots at the hacking contest

Apple's Safari and Microsoft's Internet Explorer (IE) both fell to the first hackers who tried their luck on the browsers at Wednesday's opening day of Pwn2Own.

The hacking challenge kicked off at 3:30 p.m. PT, slightly later than scheduled, at the CanSecWest security conference, which runs March 9-11 in Vancouver, British Columbia.

A team from the French security company Vupen walked off with $15,000 and a new MacBook Air after exploiting an unpatched vulnerability in Safari.

Earlier today, Apple updated Safarito version 5.0.4 , fixing 62 vulnerabilities. But Vupen was still able to break the browser .

" Apple has just released Safari 5.0.4 and iOS 4.3 a few minutes before the Pwn2Own contest," Vupen said Wednesday afternoon on its Twitter account several hours before the contest began. "This breaks some exploits but not all!!"

HP TippingPoint, the security company that sponsors Pwn2Own, said earlier today that the last-minute Safari updates could affect who was awarded prize money.

TippingPoint's Peter Vreugdenhil said the browsers were "frozen" two weeks before today's tip-off with the then-current versions of Safari, Google 's Chrome 9, Microsoft 's IE8 and Mozilla's Firefox 3.6, to give researchers a stationary target.

"Exploit development does sometimes rely on certain versions and that is the reason we have frozen the devices," Vreugdenhil said in an e-mail today.

But the Safari patches still had a part to play in Vupen winning. If the vulnerability used by Vupen to hack Safari had been fixed in 5.0.4, TippingPoint would not have awarded the $15,000 prize.

Instead, the money would have gone to the first researcher who exploited the "frozen" version of Safari -- 5.0.3 was on the MacBook Air -- using a bug still present in today's update.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@computerworld.com .

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Cybercrime and HackingAppleapplicationsMicrosoftbrowserssoftwaretwitter

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?