Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 18th, 2009

IE8, Firefox And Safari Exploited At CanSecWest Security Conference

For the second consecutive year, the security researcher Charlie Miller hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple’s Safari browser.

“It took a couple of seconds. They clicked on the link and I took control of the machine,” Miller said moments after his accomplishment.

The Pwn2Own 2009 contest at CanSecWest security conference kicked off at exactly 3:15 PM and, within seconds, Miller launched his drive-by attack and claimed the $10,000 top prize. He also got to keep the MacBook machine.

Miller said he came to the CanSecWest with a plan to hack into Safari and had tested the exploit carefully to ensure “it worked the first time.” Technical details of the vulnerability will not be released until a patch is ready.

It took a while longer but Microsoft’s Internet Explorer 8 also did not survive the hacker onslaught. A security researcher named “Nils” (he declined to provide his full name) performed a clean drive-by download attack against the world’s most widely used browser to take full control of a Sony Vaio machine running Windows 7.

He won a cash prize and got to keep the hardware.  Details of the vulnerability, which was described by contest sponsor TippingPoint ZDI as a “brilliant IE8 bug!” are being kept under wraps.

Several members of Microsoft’s security response team were on hand to witness the successful exploit.

“Nils” also scored a clean hit against Apple’s Safari (he was the second hacker to exploit Safari) and, later in the afternoon, he exploited a Firefox zero-day flaw to claim the trifecta.

Credit: Security Blogs

Share this item with others:

More on CyberInsecure:
  • Mac users are advised not to use Safari by Consumer Reports
  • Apple Safari For Windows Critical Vulnerabilities
  • Privacy Flaw Found In Apple Safari RSS Reader
  • Apple Patches Multiple Vulnerabilities In Safari 3.1.1
  • Microsoft Internet Explorer Script Injection Vulnerability

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: IE8, Firefox And Safari Exploited At CanSecWest Security Conference

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.