Chrome Safe In Pwn2Own Contest
Written by Harry Fairhead   
Saturday, 12 March 2011

IE8 and Safari were both hacked on the first day of the Pwn2Own contest but Chrome and Firefox survived.

As reported last month, Google had offered an additional $20,000 on top of the hardware, cash and other prizes on offer in the annual Pwn2Own hacking competition, which is part of the CanSecWest security conference.

It also went to great lengths to ensure it couldn't be hacked, paying nine researchers a total of $14,000 for finding vulnerabilities in its Chrome 9.0.597.107 browser. The outside researchers found 15 bugs and Google identified four more; Google patched all 19 flaws in time to meet the deadline.

In the event, no-one even attempted the challenge: the individual challenger who had registered to hack Chrome was a no-show, and the team that did turn up told the organisers they didn't have a Chrome exploit and targeted the BlackBerry instead. This leaves Chrome unexploited for the third year in a row.

 


 

Safari 5.3.0 was the first browser to be cracked. A team from French security firm VUPEN won the MacBook Air 13" running Mac OS X Snow Leopard, $15,000 cash and 20,000 ZDI points. VUPEN co-founder Chaouki Bekrar said a team of three researchers took two weeks to assemble the successful exploit. The browser was made to visit a malicious page they had crafted, which exploited a vulnerability in the browser and bypassed OS protections like Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). The exploit then launched the calculator app to prove they could execute arbitrary code on the system, and wrote a file to the hard disk to demonstrate that the sandbox had been exited. These are the two conditions that had to be met for the attack to be considered successful.

While the techniques used to bypass operating system protections like Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are well-known, the specific use and adaptation of these techniques on 64-bit Safari is unusual and required developing tools and attack code from scratch.

Apple released Safari 5.0.4, which patched some 60 security holes in the version that VUPEN exploited, the day before the competition took place. This wasn't in time for the contest, since the rules now stipulate that the configuration to be attacked has to be frozen a week in advance. However, the successful exploit would have worked even if the attack target had been the newer Safari 5.0.4. Apple has now issued a patch to protect against it.

Internet Explorer 8 was also successfully exploited by Irish Metasploit developer Stephen Fewer, who chained three different security holes to get around the browser's protected mode and other security mechanisms. Microsoft has already fixed the vulnerability in IE8 and has stated that it didn't exist in IE9, which is due to launch on March 14.

Per the rules of the competition, full details of the Pwn2Own attacks, including the bypass techniques, won't be published until vendors have issued patches.

Further Reading

Google offers $20,000 for a Chrome hack

 

Last Updated ( Sunday, 20 March 2016 )
 
 

   
Copyright © 2018 i-programmer.info. All Rights Reserved.