Hacking Contest Smashes Safari, Internet Explorer

Source: SecurityNewsDaily

Apple fixed 62 security flaws for its Safari Web browser yesterday (March 9), but the massive repair job wasn’t enough to keep it or Microsoft’s Internet Explorer from crumbling at the hands of hackers at the Pwn2Own hacking contest.

Pwn2Own kicked off yesterday at the CanSecWest security conference in Vancouver, British Columbia, pitting hackers against the top four Web browsers — Safari, Google Chrome, Mozilla Firefox and IE — for $65,000 in cash prizes.

A team from the French security firm Vupen won $15,000 and a MacBook Air for exploiting a Safari bug in the first round, Computerworld reported.

The prize-winning hack occurred just hours after Apple had updated Safari to version 5.0.4, patching 62 vulnerabilities that left Windows and Mac Safari surfers open to remote exploit via maliciously crafted websites, Apple’s website said.

The Safari update missed the contest’s cutoff, however, and hackers worked on version 5.0.3.

Internet Explorer 8 also fell on Pwn2Own’s opening day.

Stephen Fewer, the founder of Harmony Security, bypassed the browser’s “protected mode,” a feature meant to keep computer infections from spreading throughout the browser, Computerworld reported.

Google’s Chrome Web browser managed to remain untouched. In fact, Computerworld reported that nobody even attempted to crack into Google Chrome, despite the $20,000 Google offered to anyone who could successfully exploit it.

One team scheduled to try cracking into Chrome didn’t show up, and the other forfeited to give itself time to work on its BlackBerry exploit, planned for today (March 10).

The Firefox crack was rescheduled to also take place today.

Although Safari and Internet Explorer didn’t fare well, the Pwn2Own contest is designed to increase overall browser – and user – security.

The companies whose products are purposely exploited are given six months to fix the flaws before contest sponsor HP TippingPoint releases any technical information on the hacks.