Pwn2Own hackfest: Apple goes down, Google, Android unscathed

Reports are coming in from the Pwn2Own annual hacking contest.  These things are always great to read about and fun to watch.  Apparently, the Apple Safari Browser was compromised in a blazing 5 seconds by using a specially crafted web page.  In preparation for the contest several of the leading web browsers released updates to try and secure their respective products.  Also quickly hacked were the iPhone 4 browser and RIM Blackberry Torch 9800.  Internet Explorer version 8 was another victim of hacks as well as Firefox.

The security update Apple released ahead of the hacking contest patched some 64 potential security flaws, but missed the one exploited by the Vupen team. That turned out to be good news for the team because they were attacking Safari 5.0.3, but if their exploit had been patched with the just released 5.0.4 update they wouldn’t have won the prize.

Surprisingly. Google’s Chrome browser was not compromised under the auspices of the event.  They even offered a $20,000 prize that was hardly challenged.  Experts point at the extensive use of sandboxing in the Chrome application as a deterrent.  Additionally Google released up to 25 updates just two days ago in anticipation of the challenge.   Microsoft notably did not release any updates ahead of the event.  Google’s Android was also not compromised after the crafted attacks as well as Windows 7 mobile.

Each year, members of the community gather for this event held during the CanSecWest security conference, and participants gather their hacking efforts to compromise technology devices.  Vulnerabilities discovered and exploited during the contest are not released until the vendors have been notified of the details of the compromise and they have been corrected.