The famous competition Pwn2Own saw Safari and Internet Explorer dropped from the first day. The system at the apple was hacked by a French company that has exploited a flaw in WebKit. This contest is part of the CanSecWest conference that brings together experts in computer security. The first to force the browser to execute arbitrary code with the machine wins.
This year, they were also forced to escape the sandbox and other limits imposed by the operating system. Clearly, they must be able to take full control of the system through the browser. As usual, the first machine was struck by a falling apple. It must be said that experts like to harp on the MacBook and this year was no exception.
Chaouki Beker, co-founder of VUPEN, the French company that won the 13-inch MacBook Air brought into play, spent two weeks preparing the code exploiting the vulnerability and requested the support of three researchers. They had to create a debugger, a code shell and an ROP (return-oriented programming).
They were then sent on a Safari web page containing malicious code that opened the calculator Mac OS X and wrote a file on the hard disk, showing the execution of arbitrary code and bypass the sandbox. So it is clearly beyond the reach of any attacker. We are also surprised that the pirated version of Safari 5.0.3 was while Apple has released an update last night (5.0.4).
The site says DVLabs however, that the browser will be used during the competition will be the last official version released. Nonetheless, it appears that the configuration Apple was a week ago. The 32-bit version of Internet Explorer is also fallen. She ran on a 64-bit Windows 7 SP1. The expert used three different security vulnerabilities.
Two to launch the Windows calculator and a final bug exceed Protect mode of Microsoft's browser. Chromium is the only one not to have transferred, but the person who had registered did not come. No one has officially tried to drop it. The next steps will focus on Pwn2Own Firefox, and now smartphones (iPhone, BlackBerry, Android Phone and Windows 7).
This year, they were also forced to escape the sandbox and other limits imposed by the operating system. Clearly, they must be able to take full control of the system through the browser. As usual, the first machine was struck by a falling apple. It must be said that experts like to harp on the MacBook and this year was no exception.
Chaouki Beker, co-founder of VUPEN, the French company that won the 13-inch MacBook Air brought into play, spent two weeks preparing the code exploiting the vulnerability and requested the support of three researchers. They had to create a debugger, a code shell and an ROP (return-oriented programming).
They were then sent on a Safari web page containing malicious code that opened the calculator Mac OS X and wrote a file on the hard disk, showing the execution of arbitrary code and bypass the sandbox. So it is clearly beyond the reach of any attacker. We are also surprised that the pirated version of Safari 5.0.3 was while Apple has released an update last night (5.0.4).
The site says DVLabs however, that the browser will be used during the competition will be the last official version released. Nonetheless, it appears that the configuration Apple was a week ago. The 32-bit version of Internet Explorer is also fallen. She ran on a 64-bit Windows 7 SP1. The expert used three different security vulnerabilities.
Two to launch the Windows calculator and a final bug exceed Protect mode of Microsoft's browser. Chromium is the only one not to have transferred, but the person who had registered did not come. No one has officially tried to drop it. The next steps will focus on Pwn2Own Firefox, and now smartphones (iPhone, BlackBerry, Android Phone and Windows 7).
- OS X And Safari First Casualty At Pwn2Own Hacking Contest (10/03/2011)
- Safari & IE fall to the first hackers at Pwn2Own: That after Apple released Safari 5.0.4 on iOS 4.3! (10/03/2011)
- pwn2own day one: Safari, IE8 fall, Chrome unchallenged (10/03/2011)
- Safari owned by French security experts within 5 seconds at Pwn2Own hacker challenge (10/03/2011)
- Nick Ali: Pwn2Own Jam? (10/03/2011)
Pwn2Own (wikipedia)  
No comments:
Post a Comment