The Pwn2Own contest at this week’s CanSecWest Applied Security conference in Vancouver, has once again claimed a number of victims.
The contest saw hackers have their way with the Apple iPhone, Mac and Safari, as well as Mozilla Firefox and Microsoft Internet Explorer.
“A bug in Safari was exploited that extracted the SMS database from the phone and uploaded it to a server,” Zynamics CEO Halvar Flake explained in a blog post.
The Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protections in Windows 7 were circumvented by contestants as part of their efforts to exploit Firefox and Internet Explorer (IE) 8. The IE attack was the work of Dutch hacker Peter Vreugdenhil, who published a paper (PDF file) on his methods. The paper omits certain details of the attack.
A researcher from UK-based MWR Info Security going by the hacker-name “Nils” circumvented the ASLR and DEP features on Windows 7 and exploited a flaw in Firefox. In an interview here, he explained that part of the issue was Mozilla’s “implementation of the protection mechanisms themselves,” and that getting around Microsoft’s protections was the hardest part of the attack.
Well-known Mac security researcher Charlie Miller of Independent Security Evaluators once again took down the Mac OS X operating system, this time using a drive-by download attack on Safari 4 to get control of the computer.
According to contest rules, the details of the vulnerabilities must be disclosed to the affected vendors.
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…