CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 18th, 2009

IE8, Firefox And Safari Exploited At CanSecWest Security Conference

For the second consecutive year, the security researcher Charlie Miller hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple’s Safari browser.

“It took a couple of seconds. They clicked on the link and I took control of the machine,” Miller said moments after his accomplishment.

The Pwn2Own 2009 contest at the CanSecWest security conference kicked off at exactly 3:15 PM and, within seconds, Miller launched his drive-by attack and claimed the $10,000 top prize. He also got to keep the MacBook machine.

Miller said he came to CanSecWest with a plan to hack into Safari and had tested the exploit carefully to ensure “it worked the first time.” Technical details of the vulnerability will not be released until a patch is ready.

It took a while longer but Microsoft’s Internet Explorer 8 also did not survive the hacker onslaught. A security researcher named “Nils” (he declined to provide his full name) performed a clean drive-by download attack against the world’s most widely used browser to take full control of a Sony Vaio machine running Windows 7.

He won a cash prize and got to keep the hardware. Details of the vulnerability, which was described by contest sponsor TippingPoint ZDI as a “brilliant IE8 bug!”, are being kept under wraps.

Several members of Microsoft’s security response team were on hand to witness the successful exploit.

“Nils” also scored a clean hit against Apple’s Safari (he was the second hacker to exploit Safari) and, later in the afternoon, he exploited a Firefox zero-day flaw to claim the trifecta.

Credit: ZDNet.com Security Blogs
