Browser Safari 5 and IE8 successfully broken "Hacker"


Not unexpectedly made by Apple's Safari browser and Microsoft's Internet Explorer 8 have the same fate. Successfully uprooted hackers on the first day Pwn2Own contest that was held as part of the CanSecWest security technology conference in Vancouver, Canada, 9-11 March 2011. 

Researchers from the company's security system Vupen, France became the first team to successfully break through the Safari 5. Even according to the software version numbers, they do it in just five seconds. No kidding who uprooted the 64-bit versions of browsers running on Mac OS X Snow Leopard on the MacBook and is patched massive advance. 


Co-founder Vupen, Charouki Bekrar, and two members of his team worked hard for two weeks to find a weakness in Safari 5. They found him on the Webkit, the open source-based rendering engine used by the browser. They successfully exploit the weaknesses and went through the system via the ASLR (address space layout randomization) and DEP (Data Execution Prevention), two security features specifically designed to prevent malicious programs infiltrate. 


In fact, the team has made a special program for infiltrated through the hole weaknesses. These programs enable the calculator and infect a computer to retrieve access to the full. "Victims who visit a website, he will get caught. Without the necessary interaction whatsoever," said Bekrar. 


While IE8 security researchers solved the challenge of Ireland Stephen Fewer. He successfully break through the browser is running on 64 bit versions of Windows 7. To penetrate the security system IE8, Fewer found three weaknesses, two of whom were already anticipated from the beginning to exploit. With two weaknesses through it, he managed to find a third weakness to break through Protected Mode sandbox so it can access the system in full operation. As Vupen, he also successfully infiltrated by hacking into DEP and ASLR in Windows 7. 


For its success, Vupen carrying U.S. $ 15,000 and 13-inch MacBook Air computer that ditaklukannya. Fewer while also entitled to steal a prize of U.S. $ 15,000 and a Sony Vaio computer that had taken over his system.
According to the rules of the contest, all that successful exploitation techniques to penetrate these weaknesses will not be published. The organizers provide the data to TioipingPoint as the sponsor. Further info will be given to each vendor to give a chance to patch or repair up to 6 months before revealed to the public. 


The contest took place on the second day. However, other browsers, Chrome 9 and Firefox 3.6 failed uprooted any participant. Meanwhile, for the contest of mobile devices, iPhone 4 and BlackBerry Torch also successfully conquered. While Android and Windows 7 Phone survived. by:
eWeek