Skip to main content

Pwn2Own

See All Stories

iPhone 5s, Samsung Galaxy S5 and Nexus 5 hacked at Pwn2Own

HP’s annual two-day Mobile Pwn2Own competition came to a close this afternoon, with a group of veteran security researchers and other competitors able to compromise several flagship smartphones across the top-three mobile operating systems: Android, iOS and Windows Phone. The devices that were exploited include the iPhone 5s, Samsung Galaxy S5, Nexus 5, Amazon Fire Phone and Nokia Lumia 1520.
Expand
Expanding
Close

Contestants at Pwn2Own take down Safari, but said OS X security is better than other systems

<a href="http://www.pwn2own.com/photo-gallery/#prettyPhoto[]/13/">Pwn2Own</a>

As usual, the annual Pwn2Own contest featured many hackers targeting the latest operating systems and browsers from the major vendors, including Apple. Threatpost reports that the “Keen Team” focused Safari on Thursday and exploited it with relative ease.

The team took home a $40,000 bounty for their efforts on Safari, as well as a share in a $75,000 prize for co-engineering a zero-day Flash exploit. They say they will donate some of their winnings towards charities representing missing Malaysian Airplane passengers.

The group say that for Safari, they used two different exploit vectors. One vulnerability was a heap overflow in WebKit that enabled arbitrary code execution. The team then used this opening to use another exploit to bypass the application sandbox and run code as if it was user privileged.


Expand
Expanding
Close

Embarrassing: MacBook Air, Safari 5.0.4 pwned at hacking contest in five seconds

Site default logo image

Why is it that Apple’s otherwise excellent Safari browser seems to be more prone to vulnerabilities than rival offerings from Microsoft, Google and Mozilla? Ever since security whiz Charlie Miller in 2008 broke into the MacBook Air in two minutes through Safari, the browser has been the subject of intense criticism for its various security weaknesses. Well, Safari just got pwned again at yesterday’s HP TippingPoint-sponsored hacking challenge at the CanSecWest security conference in Vancouver, British Columbia.

This time, the bragging rights belong to the French security firm Vupen which won a cool $15,000 and a MacBook Air for beating its perks in pwning Apple’s browser. It took the team just a few seconds to exploit an unpatched Safari vulnerability. “We pwned Apple Safari on Mac OS X (x64) at pwn2own in 5 seconds,” they tweeted.

Expand
Expanding
Close

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications