Pwn2Own 2011: Safari on MacBook Pro and IE8 on Windows 7 Hijacked

At the annual Pwn2Own competition in Vancouver, B.C., Canada, both Safari and Internet Explorer 8 were successfully exploited through previously unknown ("zero-day") flaws in the software.

The first to fall was Safari on a MacBook Pro running a fully patched Mac OS X Snow Leopard (64-bit). The hacker exploited Safari by opening a compromised website, which successfully launched a calculator on the machine. VUPEN Security was the team that hacked Safari. The security firm said that the vulnerability lies in WebKit, and that it took just two weeks to write an exploit script that could 'own' a Mac user.

Next on the list was Internet Explorer 8, running on a fully patched Windows 7 SP1 (64-bit). Stephen Fewer, the Irish security researcher who successfully hacked IE8, used three different vulnerabilities in the software to launch the calculator (calc.exe) application.

The attack successfully bypassed DEP and ASLR, two key protection mechanisms built into the newest versions of Windows.

"I had to chain multiple vulnerabilities to get it to work reliably," Fewer said in an interview.

For his efforts, Fewer won a $15,000 cash prize and a new Windows laptop.

Both the Safari and the IE8 exploits required the hacker not only to bypass DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization), but also to launch the calculator on the compromised machine as proof of code execution.
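The article names DEP and ASLR as the two mitigations both exploits had to get past. On Windows these are opt-in per image: the linker records them in the PE optional header's DllCharacteristics field (NX_COMPAT for DEP, DYNAMIC_BASE for ASLR), and ASLR only takes effect if the image still carries its relocation table. The checker below is an added example written for this page, not code from the competition or from either vendor; the flag values and header offsets are the documented PE constants, and the sample image it parses is a constructed minimal header, not a real binary.

```python
import struct
import sys

# Documented PE constants (winnt.h).
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # image opts in to ASLR
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100      # image opts in to DEP
IMAGE_FILE_RELOCS_STRIPPED = 0x0001              # COFF flag: no .reloc, cannot be rebased
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
DLLCHARACTERISTICS_OFFSET = 0x46  # same offset in PE32 and PE32+ optional headers


def mitigation_flags(image):
    """Parse DOS/COFF/optional headers and report DEP and ASLR opt-in status."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    (machine, nsections, timestamp, symtab, nsymbols,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", image, coff_off)
    opt_off = coff_off + 20
    if opt_size < DLLCHARACTERISTICS_OFFSET + 2:
        raise ValueError("optional header too short to hold DllCharacteristics")
    magic = struct.unpack_from("<H", image, opt_off)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", image, opt_off + DLLCHARACTERISTICS_OFFSET)[0]

    wants_aslr = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "aslr_opt_in": wants_aslr,
        "relocs_stripped": relocs_stripped,
        # DYNAMIC_BASE without relocations gives no randomisation: the loader
        # cannot move an image it has no fixups for.
        "aslr_effective": wants_aslr and not relocs_stripped,
        # High-entropy 64-bit ASLR only applies to PE32+ images.
        "high_entropy_va": magic == PE32PLUS_MAGIC
                           and bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
    }


def build_pe(dll_characteristics, characteristics=0, magic=PE32PLUS_MAGIC):
    """Constructed minimal PE header for testing: DOS header, PE signature, COFF
    header and an optional header just large enough to carry DllCharacteristics."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0x70
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, DLLCHARACTERISTICS_OFFSET, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)


def check_file(path):
    """Read a real PE from disk and return its mitigation flags."""
    with open(path, "rb") as f:
        return mitigation_flags(f.read())


if __name__ == "__main__":
    # Without arguments, run against the constructed samples.
    samples = {
        "dep+aslr": build_pe(IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "aslr flag but relocs stripped": build_pe(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE,
                                                  characteristics=IMAGE_FILE_RELOCS_STRIPPED),
        "no mitigations": build_pe(0, magic=PE32_MAGIC),
    }
    for name, img in samples.items():
        print(name, mitigation_flags(img))
    for path in sys.argv[1:]:
        print(path, check_file(path))
```

Run with one or more PE paths to audit real modules. The check is necessary but not sufficient: the 2011 entries defeated DEP and ASLR on systems where both were enabled, and a single module loaded into a browser process without DYNAMIC_BASE (or with its relocations stripped) gives an attacker a fixed address base regardless of how the main executable was built, so every loaded module needs to pass.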