AfterDawn: News

Pwn2Own: Chrome, Android, Firefox own; Safari, IE8, iOS, BB get pwned

Two days into the Pwn2Own hacking challenge, only a few still remain.

So far, hackers have not been able to exploit Mozilla Firefox 3.6, Google Chrome, and the mobile Android OS.



Victims of the contest include Internet Explorer 8, Apple Safari 5, iOS 4 and BlackBerry.

All the security researchers who manage to exploit the browsers or operating systems take home a cash prize of $15,000 and a laptop. If Chrome gets beaten, the researcher takes home $20,000.

Charlie Miller beat the iPhone 4 with iOS and has taken home the prize in 2007, 2009, 2010 and this year.

Firefox fixed 10 security flaws the day before the contest started, and Google fixed 9. Chrome has yet to be defeated since its launch in 2008, while Firefox was beaten in 2009 and 2010.

Security researchers from VUPEN beat Safari 5, rather easily: "We pwned Apple Safari on Mac OS X (x64) at Pwn2Own in 5 seconds."

Written by: Andre Yoskowitz @ 11 Mar 2011 15:08

• Previous article

• Apple set to sell 600,000 iPad 2 in first 24 hours

• Next article

• Rovio secures $42 million in funding

• 11 comments

• jookycola

  So much for the whole Apples can NEVER get a virus B.S.
  

  
  

  11.3.2011 17:01 #1

• lissenup2

  Originally posted by jookycola: So much for the whole Apples can NEVER get a virus B.S. That was never the case but blinded Apple users firmly believe that it is.
  
  
  On another note, I gotta change my profession and just hack the world away and get payouts like this for an income.

  11.3.2011 17:26 #2

• Pop_Smith

  According to the article about Pwn2Own on Ars Technica a new set of rules this year for the competition state that the clients were "frozen" a week before competition started and if a hackers flaw worked on the "frozen" version they would "Own" the hardware.
  
  However, if the hacker wanted the cash the flaw must exist in a fully-patched version, even if it was released the day of Pwn2Own:
  
  http://arstechnica.com/security/news/2011/03/pwn2own-day-one-safari-ie8-fall-chrome-unchallenged.ars
  

  http://www.megavideo.com/?v=V1VZAD0O <-- Brian Regan "Take Luck" video.
  
  "The only people who should buy Monster cable are people who light cigars with Benjamins." - Gizmodo

  11.3.2011 17:36 #3

• lissenup2

  Originally posted by Pop_Smith: According to the article about Pwn2Own on Ars Technica a new set of rules this year for the competition state that the clients were "frozen" a week before competition started and if a hackers flaw worked on the "frozen" version they would "Own" the hardware.
  
  However, if the hacker wanted the cash the flaw must exist in a fully-patched version, even if it was released the day of Pwn2Own:
  
  http://arstechnica.com/security/news/2011/03/pwn2own-day-one-safari-ie8-fall-chrome-unchallenged.ars
  
  Oh man.........what you just said was like hieroglyphics to me.

  11.3.2011 18:31 #4

• DVDBack23

  Originally posted by Pop_Smith: According to the article about Pwn2Own on Ars Technica a new set of rules this year for the competition state that the clients were "frozen" a week before competition started and if a hackers flaw worked on the "frozen" version they would "Own" the hardware.
  
  However, if the hacker wanted the cash the flaw must exist in a fully-patched version, even if it was released the day of Pwn2Own:
  
  http://arstechnica.com/security/news/2011/03/pwn2own-day-one-safari-ie8-fall-chrome-unchallenged.ars Idk about you brother, but I want to the $15k, I don't care about being able to say I "owned" the browser lol
  

  AfterDawn News
  AfterDawn Guides
  AfterDawn Downloads
  AfterDawn Hardware Section
  
  

  11.3.2011 18:42 #5

• Pop_Smith

  Originally posted by lissenup2: Oh man.........what you just said was like hieroglyphics to me. Basically, if you hack the browser you get the hardware (the laptop) it was setup on. If your hack also works on the latest version (even if it was released the day of Pwn2Own) you get $15k in cash and the hardware.
  
  Originally posted by DVDBack23: Idk about you brother, but I want to the $15k, I don't care about being able to say I "owned" the browser lol For sure, I'm in that same boat. I'd much rather have $15-20k in cash instead of a $1000-$2500 laptop. As I stated above, I believe you get both the hardware and the cash if your hack works on the newest version of the browser.
  

  http://www.megavideo.com/?v=V1VZAD0O <-- Brian Regan "Take Luck" video.
  
  "The only people who should buy Monster cable are people who light cigars with Benjamins." - Gizmodo

  11.3.2011 21:56 #6

• xnonsuchx

  Originally posted by jookycola: So much for the whole Apples can NEVER get a virus B.S.
  While too many devotees imply NO viruses on a Mac, they're still very rare to come by...especially the nasty ones. Of course, if people knew what they were doing with their computers (no matter what OS), they wouldn't need ANY protection other than their good sense.

  12.3.2011 01:16 #7

• KillerBug

  OSX viruses are a bit like OSX software...hard to find and lacking capabilities.
  

  
  

  12.3.2011 03:08 #8

• shortybob

  Anyone that still uses Safari... Well I wouldn't say they deserve to get hacked, but c'mon, get with the times...
  

  12.3.2011 09:06 #9

• KillerBug

  Safari might not be as good as freeware, but at least it is better than Internet Exploiter; they didn't even bother including it in the competition...that would have been like shooting fish in a barrel, with a shotgun.
  

  
  

  13.3.2011 23:45 #10

• wmccusker

  Originally posted by KillerBug: Safari might not be as good as freeware, but at least it is better than Internet Exploiter; they didn't even bother including it in the competition...that would have been like shooting fish in a barrel, with a shotgun.
  Quote:Pwn2Own: Chrome, Android, Firefox own; Safari, IE8, iOS, BB get pwned I think you missed that but, but your comment about how bad it is still stands.
  Also any gun will kill a fish in a barrel, even a .22
  

  14.3.2011 14:32 #11