Pwn2Own: hacking web browsers

[diogen]

Here
http://arstechnica.com/security/news/2011/03/pwn2own-day-one-safari-ie8-fall-chrome-unchallenged.ars
Making sport of browser security, hackers topple IE, Safari ? The Register
http://www.engadget.com/2011/03/10/safari-and-ie8-get-shamed-at-pwn2own-chrome-still-safe-for-n/

Internet Explorer not able to withstand scrutiny is almost a given,
but for the fifth year in the row Safari on the Mac didn't last any longer.

First up, and first to fall, was Safari 5.0.3 on fully-patched Mac OS X 10.6.6.
French security firm VUPEN was first to attack the browser, and five seconds after the browser visited
its specially-crafted malicious web page, it had both launched the platform calculator application...
The successful hack came in spite of a large security patch, Safari 5.0.4, that Apple released
ahead of the competition, patching some 60 security holes in the browser.

So much for "we don't need no stinkin' virus/malware protection"...

Diogen.

 

[lparsons21]

Well, theoretically we probably should have protection on the Mac. But then none of these hacks and proofs ever seem to show up anywhere.

Well, on very rare occasions they show up on porn and pirate sites...

I used to have anti-virus software on one of my Macs. But it never found anything other than windows virii, so I took it off.

 

[Foxbat]

First up, and first to fall, was Safari 5.0.3 on fully-patched Mac OS X 10.6.6. ... The successful hack came in spite of a large security patch, Safari 5.0.4, that Apple released ahead of the competition, patching some 60 security holes in the browser.

I wonder why they identified Safari as 5.0.3 instead of 5.0.4? Which is it?

From the Register article:

“Just after visiting the webpage with the affected version of Safari, we can, for example, launch the calculator or open a shell or do anything else we want,” he said a minute or two after demonstrating the exploit at the contest, which was attended by members of Apple's security team. “We have the same privileges as the user who visited the webpage.”

This is why people who run as Administrator/SU/root are asking for trouble. Even on non-Windows platforms this is A Very Bad Idea.

BTW, I'm posting this in Chrome, the only browser that wasn't exploited... Of course, no one actually took Google up on their $20K offer and tried.

 

[mike123abc]

They froze the version to hack last week so 5.0.3 was the current version last week. But, to win cash they had to also defeat 5.0.4, which they also defeated.

They really need to make VT a standard processor feature so the browser can run on a virtual machine protected by hardware and not allowed out by buggy software.

 

[mdram]

So far, hackers have not been able to exploit Mozilla Firefox 3.6, Google Chrome, and the mobile Android OS.

Victims of the contest include Internet Explorer 8, Apple Safari 5, iOS 4 and BlackBerry.

All the security researchers who manage to exploit the browsers or operating systems take home a cash prize of $15,000 and a laptop. If Chrome gets beaten, the researcher takes home $20,000.

Charlie Miller beat the iPhone 4 with iOS and has taken home the prize in 2007, 2009, 2010 and this year.

Firefox fixed 10 security flaws the day before the contest started, and Google fixed 9. Chrome has yet to be defeated since its launch in 2008, while Firefox was beaten in 2009 and 2010.

Security researchers from VUPEN beat Safari 5, rather easily: "We pwned Apple Safari on Mac OS X (x64) at Pwn2Own in 5 seconds."

 

[Foxbat]

Just because someone didn't collect the money doesn't mean that an exploit doesn't exist. But maybe this points to something that modern CPUs sacrificed on the alter of RISC: Hardware Memory Managers that are tied closely to the OS to manage what can and cannot be done to memory. Code regions should be unwritable by the process, and Data regions should be impossible to execute, even in Kernel Mode. Death of the Process when these rules are violated is key: Denial of Service is preferable to Infection.

 

[DodgerKing]

I read somewhere that MACs are actually more vulnerable and easier to hack than PCs. This is because they do not get hacked so therefor nobody can protect against something that is unknown. The reason why they don't get hacked is not because they can't be hacked, but because they represent less than 10% of the market, so hackers are not going to waste their time with something so minor

 

[Scott Greczkowski]

Macs os is based on FreeBSD which is considered one of the most secure versions of unix.

Sent from my EVO using the SatelliteGuys App

 

[charper1]

I read somewhere that MACs are actually more vulnerable and easier to hack than PCs. This is because they do not get hacked so therefor nobody can protect against something that is unknown. The reason why they don't get hacked is not because they can't be hacked, but because they represent less than 10% of the market, so hackers are not going to waste their time with something so minor

+1

 

[mike123abc]

One of the guys at the pwn2own said the difficulty in hacking Macs was that there was not a lot of interest in hacking them, so there was not a lot of exploits floating around the internet. Most of the hackers use known exploits (i.e. someone finds a vulnerability in Windows and the virus writers rush to use it). It is more of a chicken and the egg problem with hacking macs. Few are hacking them so exploits are not being found and published resulting in less interest in hacking them, finding new exploits.

 

[Foxbat]

Mac vs. Windows Exploits: PCs are where the money is. If the Black Hats can get a foothold inside a corporate firewall, the payoff can be huge. PCs are used for Process Automation and rarely (until recently) run antivirus or keep up with security patches. Pwning one of those has great potential for notoriety.