Pwn2Own Stories November 13, 2014

iPhone 5s, Samsung Galaxy S5 and Nexus 5 hacked at Pwn2Own

HP’s annual two-day Mobile Pwn2Own competition came to a close this afternoon, with a group of veteran security researchers and other competitors able to compromise several flagship smartphones across the top-three mobile operating systems: Android, iOS and Windows Phone. The devices that were exploited include the iPhone 5s, Samsung Galaxy S5, Nexus 5, Amazon Fire Phone and Nokia Lumia 1520.

Pwn2Own Stories March 14, 2014

As usual, the annual Pwn2Own contest featured many hackers targeting the latest operating systems and browsers from the major vendors, including Apple. Threatpost reports that the “Keen Team” focused Safari on Thursday and exploited it with relative ease.

The team took home a $40,000 bounty for their efforts on Safari, as well as a share in a $75,000 prize for co-engineering a zero-day Flash exploit. They say they will donate some of their winnings towards charities representing missing Malaysian Airplane passengers.

The group say that for Safari, they used two different exploit vectors. One vulnerability was a heap overflow in WebKit that enabled arbitrary code execution. The team then used this opening to use another exploit to bypass the application sandbox and run code as if it was user privileged.

expand full story

Pwn2Own Stories March 10, 2011

Why is it that Apple’s otherwise excellent Safari browser seems to be more prone to vulnerabilities than rival offerings from Microsoft, Google and Mozilla? Ever since security whiz Charlie Miller in 2008 broke into the MacBook Air in two minutes through Safari, the browser has been the subject of intense criticism for its various security weaknesses. Well, Safari just got pwned again at yesterday’s HP TippingPoint-sponsored hacking challenge at the CanSecWest security conference in Vancouver, British Columbia.

This time, the bragging rights belong to the French security firm Vupen which won a cool $15,000 and a MacBook Air for beating its perks in pwning Apple’s browser. It took the team just a few seconds to exploit an unpatched Safari vulnerability. “We pwned Apple Safari on Mac OS X (x64) at pwn2own in 5 seconds,” they tweeted. expand full story

Powered by WordPress.com VIP