Pwn2Own Hackfest: Day One Déjà vu

The day one of Pwn2Own just got over and the results gave me a Déjà vu. Browsers started falling starting with Safari on Snow Leopard followed by Internet Explorer 8 and Firefox 3. The Safari hack was once again claimed by Charlie Miller, this time third year in a row. Peter Vreugdenhil broke into Internet Explorer 8 on Windows 7 and both the Safari and Internet Explorer attack were carried out through remote malicious codes.

Firefox 3 was hacked on a 64 bit Windows 7 by Nils, who happens to be a German CS student. He is also a familiar face who had successfully hacked Firefox, Safari and Internet Explorer at last year’s Pwn2Own.

In the midst of all this hacking and remote code execution, one browser which was left untouched was Google Chrome. Google Chrome was not even attempted to be hacked because of its sandboxed environment. Charlie Miller from last year’s Pwn2Own explains Google Chrome’s behavior saying,

There are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. They’ve got that sandbox model thats hard to get out of. With Chrome, it’s a combination of things — you can’t execute on the heap, the OS protections in Windows and the Sandbox.

The winners, that is, the successful hackers won a sum of $10,000 and the hacked system as prize. Even though Firefox and Internet Explorer applied security patches just before the starting of the hackfest, they did not get spared.
[Via: neowin ]

Published by

Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. You can connect with him on Twitter @ckandroid.