Pwn2Own: Hacker Exploits IE8, Firefox, Safari

By Vygantas Lipskas | March 19, 2009 | 8 Comments

From ZDNet

“He won a cash prize and got to keep the hardware. Details of the vulnerability, which was described by contest sponsor TippingPoint ZDI as a “brilliant IE8 bug!” are being kept under wraps.

“Nils” also scored a clean hit against Apple’s Safari (he was the second hacker to exploit Safari) and, later in the afternoon, he exploited a Firefox zero-day flaw to claim the trifecta.”

In case you are interested, Mac was hacked in 10 seconds.

Nothing about Opera or Chrome yet.

[digg-reddit-me]


About (Author Profile)


Vygantas Lipskas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism carrier back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.

  • Lomas

    go to: http://www.mozilla.com/en-US/firefox/security/

    Firefox claimed their browser is the safest…

  • FFF

    From: http://cansecwest.com/post/2009-03-18-01:00:00.PWN2OWN_Final_Rules

    Well after much discussion and deliberation here is the final cut at scenarios for the PWN2OWN competitions.

    Browsers and Associated Test PAltform

    Vaio – Windows 7

    IE8
    Firefox
    Chrome

    Macintosh

    Safari
    Firefox

    Day 1: Default install no additional plugins. User goes to link.
    Day 2: flash, java, .net, quicktime. User goes to link.
    Day 3: popular apps such as acrobat reader … User goes to link

    What is owned? – code execution within context of application

    From: http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009

    ZDI Team commented on 2009-02-25 @ 16:10

    @fearphage: Based on market share we only accept Internet Explorer and Firefox vulnerabilities through the ZDI. For the sake of this competition we included Chrome and Safari due to their default presence on various mobile platforms.

    @Vygge
    Found this random comment that you’ll probably like

    I am sure Opera being the one out is going to take this to the EU…

  • http://nocontinues.net/ Tiago Sá

    And it is.

  • http://www.favbrowser.com Vygantas Lipskas

    Looks like they have changed the rules.

    As you can stil find the old agenda via Google’s cache:

    2009-01-12 00:00:00 Pwn2Own and Agenda

    There will be 2 Pwn2Own competitions this year: a) Browsers (IE8, FireFox, Safari, Opera), b) Mobile(Android, iPhone, Symbian, Windows Mobile, RIM)

  • Dobby

    Opera is the safest!

    http://www.opera.com/browser/

  • Kyle

    No it’s not, Tiaga. If you’d leave your fanboyism out of this for a minute and use your brain you’d see that’s blatantly false. Statistically speaking, Opera is the most secure browser.

  • nobody

    “I am sure Opera being the one out is going to take this to the EU…”

    lol, hilarious

  • FFF

    Statistics is nothing without full disclosure. You also have to remember that most of Opera’s market share are on mobile and other non-PC devices, which hasn’t been much of a target until lately (now that you have personal files and documents etc. on them).

    This blog needs a preview or edit function -_-

«
»