The Pwn2Own contest at this week’s CanSecWest Applied Security conference in Vancouver, has once again claimed a number of victims.
The contest saw hackers have their way with the Apple iPhone, Mac and Safari, as well as Mozilla Firefox and Microsoft Internet Explorer.
“A bug in Safari was exploited that extracted the SMS database from the phone and uploaded it to a server,” Zynamics CEO Halvar Flake explained in a blog post.
The Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protections in Windows 7 were circumvented by contestants as part of their efforts to exploit Firefox and Internet Explorer (IE) 8. The IE attack was the work of Dutch hacker Peter Vreugdenhil, who published a paper (PDF file) on his methods. The paper omits certain details of the attack.
A researcher from UK-based MWR Info Security going by the hacker-name “Nils” circumvented the ASLR and DEP features on Windows 7 and exploited a flaw in Firefox. In an interview here, he explained that part of the issue was Mozilla’s “implementation of the protection mechanisms themselves,” and that getting around Microsoft’s protections was the hardest part of the attack.
Well-known Mac security researcher Charlie Miller of Independent Security Evaluators once again took down the Mac OS X operating system, this time using a drive-by download attack on Safari 4 to get control of the computer.
According to contest rules, the details of the vulnerabilities must be disclosed to the affected vendors.
Multiple pension funds in Australia have been hit in co-ordinated hacking attacks, and unfortunately customers…
Inspector General at the Pentagon confirms investigation into the use of Signal app by US…
After a two month hiatus following crashes of a new drone model, Amazon has resumed…
Marking 50 years of Microsoft, this editorial reflects on its evolution from startup to tech…
But will Beijing or ByteDance allow sale? Amazon joins potential bidders for TikTok in US,…
Elon Musk dismisses report that Trump told cabinet that he expects Musk to leave his…