bit-tech.net

Pwn2Own defeats Firefox, Safari, IE8, and iPhone

The Pwn2Own contest has made light work of security features built into Firefox, Safari, and IE8 - plus Apple's iPhone.

The first day of the Pwn2Own contest at CanSecWest is over, and it's bad news for browsers - three of the most common web browsers have been successfully exploited.

The annual contest challenges hackers and security researchers to attack devices running fully up-to-date versions of the latest browsers and operating systems, with the first to breach a particular system receiving a cash prize along with the hardware used in the contest. As reported over on CNET, it's been a busy day for the security community.

In day one of Pwn2Own 2010, security pro Charlie Miller was the first off the blocks with a successful remote attack against a MacBook Pro running the latest version of Apple's MacOS X - exploiting a hitherto unknown security vulnerability in the Safari browser to launch a remote shell and winning himself $10,000 plus the laptop for his trouble.

Next was Peter Vreugdenhil, who managed to bypass Windows security features including Data Execution Prevention via Internet Explorer 8 to take over a PC - again receiving $10,000 plus the hardware.

The browser-based trifecta was completed by a mysterious figure calling himself Nils - no last name - who received $10,000 for exposing a memory corruption flaw in the latest version of Mozilla's popular Firefox browser.

Perhaps the most surprising hack of the day came from Ralf Weinmann and Vincenzo Iozzo, who shared a $15,000 prize for exploiting an iPhone running the latest firmware in such a way that a simple visit to a malicious website can cause the handset to silently upload its entire SMS database to a remote server - giving ne'er-do-wells full access to all your private messages. The pair were keen to point out that although the version of the exploit used at Pwn2Own targeted SMS messages, the code can be tweaked to retrieve any data stored on the handset - including photos.

Details on all the exploits used at Pwn2Own this year will be shared by contest organiser TippingPoint with the relevant vendors, allowing patches to be developed to secure the holes.

Are you amazed that so many browser attacks were successful, or do you just feel sorry for Apple getting hit twice in one contest with MacOS X and iPhone penetrations? Share your thoughts over in the forums.

25 Comments

proxess 25th March 2010, 15:24 Quote
What OS was Firefox running on?
yakyb 25th March 2010, 15:24 Quote
does this mean opera was okay or was there no competition against it?
dec 25th March 2010, 15:41 Quote
what about chrome?
rickysio 25th March 2010, 15:46 Quote
Surprisingly no Opera and Chrome.
BentAnat 25th March 2010, 15:49 Quote
It doesn't mean much.
Hackers tend to target popular platforms.
FF, IE8, Safari are the three most popular browsers.
Reasons being:
- IE ships with Windows
- Safari ships with Mac
- FF is the most popular 3rd party browser

Pwn2Own normally focuses on "stock installs" on day one, AFAIK.
Think about it - why would you bother hacking Opera on a mac, if there's a total of 2 people running that combination worldwide... :/
Cupboard 25th March 2010, 15:54 Quote
^^ and I know one of them ;)

Still, it's a pretty good effort. I think the iPhone one is the most interesting - it's a pretty locked down phone after all, and from what I hear getting stuff onto it without iTunes is a nightmare.
thehippoz 25th March 2010, 15:56 Quote
the firefox flaw is interesting =] the others whatever..the devs probably put those backdoors in
do_it_anyway 25th March 2010, 17:00 Quote
But Apples don't get viruses, or hacked, or in any way badly treated by the bad guys.
You don't even need security software for the mighty Apple. That's why they are so much better than PCs.

[/sarcasm off]

LOL!
Centy-face 25th March 2010, 17:06 Quote
Feel sorry for Apple? HA! That day will never ever come and if it did they would be too far up their own arse to notice anyway.
Redbeaver 25th March 2010, 17:22 Quote
Quote:
Originally Posted by thehippoz
the firefox flaw is interesting =] the others whatever..the devs probably put those backdoors in

memory corruption flaw is interesting? :P

well if they meant the computer RAM memory, yeah, that'll b interesting lol....

im most interested at the script that can upload all those iphone media into a remote server all in one swipe.
TSR2 25th March 2010, 17:24 Quote
No, the ability to upload the contents of the iPhone is a feature (that you signed up to in the EULA) so Apple can review your data.
For your own protection.
javaman 25th March 2010, 17:33 Quote
With the number of iPhones on the go, they certainly would be a prime target.

+1 to do it anyway. Everyone knows Macs are immune.

Probably got banned from the appstore as a result and guys in turtlenecks will laugh at them for using inferior hardware to hack it with.
l3v1ck 25th March 2010, 17:33 Quote
Would NoScript have stopped the Firefox attack?
eddtox 25th March 2010, 17:44 Quote
+1 to do it anyway for getting there before me. Next time I hear someone say that macs are bulletproof I intend to slap them and point them to the article. Not that I think that other os's are. I would quite confidently bet that there isn't a single platform in existence which is unhackable and I doubt there ever will be. Paint a big enough target on it and sooner or later it will get hit.
brave758 25th March 2010, 18:18 Quote
Lol Macs have been insecure for a long time now. They have had viruses for some time as well - sorry, malware; Macs can't get viruses.
Was reading an article the other day saying that with their closed platform now based on Intel this makes it even easier yet to exploit.
This is not a dig at mac users but the mac empire with its head in the sand
Shadow703793 25th March 2010, 18:20 Quote
Quote:
Originally Posted by l3v1ck
Would NoScript have stopped the Firefox attack?

I wondered this too. Until there is more info on the attack it's impossible to tell. Firefox + AdblockPlus + NoScript works quite well. I do hope the next version of Firefox will have a sandbox similar or better than Chrome's current implementation.
rollo 25th March 2010, 19:16 Quote
Macs aren't bulletproof but there's so few worldwide that viruses never target them. It's the old needle in a haystack thing. Why target 10 million Macs when you can target a few hundred million Windows users

not sure on exact figures

if you make a virus you target the biggest market not the smallest unless you're just wanting to hack Macs
RichCreedy 25th March 2010, 20:02 Quote
you found the link i posted on the forums earlier then :)
Farfalho 25th March 2010, 22:24 Quote
I like that the only difference of a security pro from a hacker is only the name and the payroll, both do the same but one of them is paid a lot more xD

Good to see such results from day one!
nakchak 25th March 2010, 22:41 Quote
Quote:
Originally Posted by Shadow703793
Quote:
Originally Posted by l3v1ck
Would NoScript have stopped the Firefox attack?

I wondered this too. Until there is more info on the attack it's impossible to tell. Firefox + AdblockPlus + NoScript works quite well. I do hope the next version of Firefox will have a sandbox similar or better than Chrome's current implementation.

Doubtful tbh, just look at the 0day the other day, overflow caused by new WOFF feature, NoScript wouldn't protect against that, a lot of these overflows are caused by file handling and exploiting plugins to handle additional content rather than it being a bug in the rendering and JavaScript engines

Even a sandbox wouldn't protect if the fault is located in a plugin, and the plugin dev decides not to follow best practice or circumvent security measures (Adobe) then ur boned anyway
dyzophoria 26th March 2010, 03:02 Quote
sometimes it's good to see things like these, developers will just continue to better their programs in terms of security (dunno bout Apple though, honestly they don't seem to care much, a bug is found, they fix it months later and I doubt they are doing anything to improve their security)
Sebbo 26th March 2010, 03:33 Quote
Quote:
Originally Posted by rollo
Macs aren't bulletproof but there's so few worldwide that viruses never target them. It's the old needle in a haystack thing. Why target 10 million Macs when you can target a few hundred million Windows users

to wipe the smug smiles off their faces? :- P

/. has an update on this where apparently Miller is wanting to show the developers how to find the vulnerabilities rather than just what they are
chtun 26th March 2010, 09:26 Quote
Quote:
Originally Posted by nakchak
Doubtful tbh, just look at the 0day the other day, overflow caused by new WOFF feature, NoScript wouldn't protect against that

You're definitely wrong, NoScript did protect specifically against the WOFF bug, like it did with 99% of the Firefox vulnerabilities seen so far and with almost 100% of the working exploits, since they usually require also Javascript-based or plugin-based heap spraying.

Here's why NoScript has been blocking web fonts by default for a long time now.
rickysio 26th March 2010, 10:56 Quote
Quote:
Originally Posted by rollo
Macs aren't bulletproof but there's so few worldwide that viruses never target them. It's the old needle in a haystack thing. Why target 10 million Macs when you can target a few hundred million Windows users

not sure on exact figures

if you make a virus you target the biggest market not the smallest unless you're just wanting to hack Macs

But the fact remains that Mac users do not use anti viruses, so why would you target the harder target? Target the fools who are still oblivious, and perhaps your infection rate will shoot through the roof.
RichCreedy 26th March 2010, 12:25 Quote
because it wouldn't be a challenge