Safari down First, IE 8 follows at PWN2OWN

Even in spite of a big recently released update Safari running on the latest version of Mac OSX was the first to fall at the PWN2OWN contest at the Canwest security conference with a demonstration that visiting a web page would allow remote code execution and modification of files on the desktop. According to Ars Technica's article the attack against Safari took a team 2 weeks to put together. Next to fall was IE 8 running on Windows 7 SP1. The researcher who put together this exploit took approximately six weeks to create the attack, which leveraged a chain of three vulnerabilities to allow remote code execution. According to the ARS article, no attacks so far have been performed against Chrome as the contestant who had registered to attend withdrew, suspicion placed on the vulnerability that they were going to use being squelched by a raft of updates released by Google in the last few days.

Tomorrow in the competition FireFox will be attacked as well as common mobile operating systems. The mobile exploits are important as more and more users transition their digital lives and social networks, known cesspits of malware, across to mobile platforms.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish