Earlier in the week, we reported that Internet Explorer (running on Windows 7) and Safari (running on Snow Leopard) had been hacked almost instantaneously on the first day of pwn2own, an annual hackfest. Google’s Chrome browser made it through as the sole participant who had registered to take a crack at Chrome failed to turn up.
The following days of the competition witnessed Firefox web browser, and Android and Windows Phone 7 mobile operating systems survive pwn2own 2011 in a similar manner as contestants either failed to turn up or withdrew.
On the other hand, Apple’s poor show in the competition continued with the legendary Charlie Miller succeeding in bypassing iPhone’s defense by exploiting a bug present in Mobile Safari.
RIM’s Blackberry OS, which was tested next, also fell quite easily. Once again, a flaw in its Webkit based browser was the culprit. The team made up of Vincenzo Iozzo, Willem Pinckaers, and Ralf Philipp Weinmann targeted the browser as unlike RIM’s operating system, WebKit is well documented and well known.
Meanwhile, after examining the vulnerabilities exploited by Stephen Fewer to hack Internet Explorer 8, Microsoft has stated that they have already fixed the concerned vulnerability in Internet Explorer 9. It didn’t however explain why older versions of internet explorer were yet to be patched, and when, if at all, they will be patched. All the exploits used in the competition are properties of TippingPoint ZDI, which passes them on to the concerned vendors, and provides them six months to fix the issue.