Pwn2Own contest: Researcher hacked 'iPhone, Safari, IE 8, Firefox' browsers

Researchers demonstrated that they could hack a non-jailbroken iPhone, Safari running on Snow Leopard and Internet Explorer 8 and Firefox on Windows 7 as part of annual Pwn2Own contest at CanSecWest security show. Charlie Miller won $10,000 after hacking Safari on a MacBook Pro without having physical access to machine, declined to provide details on […]

Researchers demonstrated that they could hack a non-jailbroken iPhone, Safari running on Snow Leopard and Internet Explorer 8 and Firefox on Windows 7 as part of annual Pwn2Own contest at CanSecWest security show. Charlie Miller won $10,000 after hacking Safari on a MacBook Pro without having physical access to machine, declined to provide details on his exploit, but said target computer was compromised after visiting a Web site hosting malicious code. To hack IE 8, Peter Vreugdenhil said he exploited two vulnerabilities in a four-part attack that involved bypassing ASLR (Address Space Layout Randomization) and evading DEP (Data Execution Prevention), which’re designed to help stop attacks on browser. As in other attacks, system was compromised when the browser visited a Web site hosting the attack code. Nils said he exploited a memory corruption vulnerability and also had to bypass ASLR and DEP as a result of a weakness in Mozilla's implementation. "It's Mozilla's turn to fix this," he said. "If properly used, they can be good mitigators." For iPhone contest, Iozzo and Weinmann wrote an exploit in about two weeks designed to steal contents of SMS database on an iPhone. To accomplish attack the target iPhone was used to visit a Web site hosting exploit code. "The payload executes and uploads the local SMS database of the phone to the server we control," said Weinmann.

More info: iPhone, Safari, IE 8, Firefox hacked in CanSecWest contest