We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Safari and IE hacked first at Pwn2Own contest

Apple, Microsoft browsers beaten at first attempt

Apple's Safari and Microsoft's Internet Explorer (IE) both fell to the first hackers who tried their luck on the browsers at the opening day of the Pwn2Own hacking contest.

The hacking challenge kicked off at the CanSecWest security conference, which runs from March 9 to 11  in Vancouver, British Columbia.

A team from the French security company Vupen walked off with $15,000 and a new MacBook Air after exploiting an unpatched vulnerability in Safari.

Apple had updated Safari to version 5.0.4, fixing 62 vulnerabilities. But Vupen was still able to break the browser.

"Apple has just released Safari 5.0.4 and iOS 4.3 a few minutes before the Pwn2Own contest," Vupen said on its Twitter account several hours before the contest began. "This breaks some exploits but not all!!"

HP TippingPoint, the security company that sponsors Pwn2Own, said earlier today that the last-minute Safari updates could affect who was awarded prize money.

TippingPoint's Peter Vreugdenhil said the browsers were "frozen" two weeks before today's tip-off with the then-current versions of Safari, Google's Chrome 9, Microsoft 's IE8 and Mozilla's Firefox 3.6, to give researchers a stationary target.

"Exploit development does sometimes rely on certain versions and that is the reason we have frozen the devices," Vreugdenhil said.

But the Safari patches still had a part to play in Vupen winning. If the vulnerability used by Vupen to hack Safari had been fixed in 5.0.4, TippingPoint would not have been awarded the $15,000 prize.

Instead, the money would have gone to the first researcher who exploited the 'frozen' version of Safari - 5.0.3 was on the MacBook Air - using a bug still present in today's update.

See also: Apple 'to patch Safari before Pwn2Own'


IDG UK Sites

iPad mini 3 vs iPad mini 2 comparison: New iPad mini 3 isn't worth £80 more

IDG UK Sites

Why you shouldn't buy the iPad mini 3: No wonder Apple gave it 10 seconds of stage time

IDG UK Sites

View an animated vision of a better future for Ethiopian girls

IDG UK Sites

Should I upgrade from Mavericks to OS X 10.10 Yosemite? What you need to know before updating to...