Safari owned by French security experts within 5 seconds at Pwn2Own hacker challenge

Wed, Mar 9, 2011


Well that sure didn’t take long. Apple’s Safari browser was hacked within just 5 seconds of visiting a specific website at this year’s Pwn2Own hacker challenge. The victorious researchers were French security experts from the security firm VUPEN. The company was awarded $15,000 cash and can now lay claim to a new 13-inch MacBook Air.

Apple issued a few security updates to its Safari browser over the past few days and it remains unclear just what version of Apple’s web browser was used during the competition. In any event, here’s how it went down.

VUPEN co-founder Chaouki Bekrar lured a target MacBook to a specially rigged website and successfully launched a calculator on the compromised machine.

The hijacked machine was running a fully patched version of Mac OS X (64-bit).

In an interview with ZDNet, Bekrar said the vulnerability exists in WebKit, the open-source browser rendering engine.   A three-man team of researchers spent about two weeks to find the vulnerability (using fuzzers) and writing a reliable exploit

Berkar explained that the performed exploit was challenging due to the lack of existing documentation regarding 64-bit OS X exploitation. ”We had to do everything from scratch,” said Berkar, “We had to create a debugging tool, create the shellcode and create the ROP (return oriented programming) technique.”

But in the end, the exploit was executed as planned.

“The victim visits a web page, he gets owned. No other interaction is needed,” said Bekrar.

via ZDNet


, , ,

1 Comments For This Post

  1. buddabob Says:

    I read that it took a three man team about two weeks to discover the weakness and create the exploit… that seem like a lot more than a few seconds. How much of a head start do these guys get ? Three security experts working for ten days using all the “tools” that a security firm might have… But the headline screams 5 seconds… I still feel safe with my Mac.

eXTReMe Tracker