Well that sure didn’t take long. Apple’s Safari browser was hacked within just 5 seconds of visiting a specific website at this year’s Pwn2Own hacker challenge. The victorious researchers were French security experts from the security firm VUPEN. The company was awarded $15,000 cash and can now lay claim to a new 13-inch MacBook Air.
Apple issued a few security updates to its Safari browser over the past few days and it remains unclear just what version of Apple’s web browser was used during the competition. In any event, here’s how it went down.
VUPEN co-founder Chaouki Bekrar lured a target MacBook to a specially rigged website and successfully launched a calculator on the compromised machine.
The hijacked machine was running a fully patched version of Mac OS X (64-bit).
In an interview with ZDNet, Bekrar said the vulnerability exists in WebKit, the open-source browser rendering engine. A three-man team of researchers spent about two weeks finding the vulnerability (using fuzzers) and writing a reliable exploit.
Bekrar explained that the exploit was challenging due to the lack of existing documentation regarding 64-bit OS X exploitation. “We had to do everything from scratch,” said Bekrar. “We had to create a debugging tool, create the shellcode and create the ROP (return oriented programming) technique.”
But in the end, the exploit was executed as planned.
“The victim visits a web page, he gets owned. No other interaction is needed,” said Bekrar.