Pwn2Own, the yearly hacking contest held as part of the CanSecWest security conference, saw the successful hijacking of fully patched versions of Safari and Internet Explorer 8 this year. Ars Technica described Pwn2Own as the following:
If a researcher can pwn the browser—that is, make it run arbitrary code—then they get to own the hardware the browser runs on. This year, not only did they have to run arbitrary code, they also had to escape any sandboxes—restricted environments with reduced access to data and the operating system—that are imposed.
Safari, which enjoyed the patching of 60 security holes in the browser the day before the competition, was taken down in five seconds after the browser went on its specially-crafted malicious web page. It took two weeks for a team of three researchers to put together the successful exploit.
Internet Explorer 8 was second to fall and in a similar style to Safari. However, Microsoft chose not to patch the browser a week or even a day before Pwn2Own was to take place. The successful contestant required five to six weeks to assemble the exploit.
Chrome was the third browser to be tested, but the contender who was pitted against Chrome did not show up, leaving the browser unbeaten. A reason for this could be that 24 security flaws were fixed by Google in an update on Wednesday, likely leaving the browser immune to the security flaw the contender was going to use.
About (Author Profile)
Being passionate about software, Armin joined FavBrowser.com in early 2011 and has been actively writing ever since. Having accepted the challenge, he also enjoys watching anime, indulging in good books, staying fit and healthy, and trying new things.