IE8, Safari and Firefox all hacked at Pwn2Own

updated 04:25 pm EDT, Thu March 19, 2009

Pwn2Own results

On the first day of the Pwn2Own contest at the CanSecWest conference, hackers successfully compromised fully-patched copies of Internet Explorer 8, Safari and Firefox, according to ZDNet. A MacBook running Safari was hacked in seconds by Charlie Miller, winning him the notebook and a $10,000 purse. His previous performance was also impressive, requiring just minutes to take control of a MacBook Air.

An individual known as Nils was able to hack a Sony Vaio running Windows 7 and a patched version of IE8, Firefox and Safari. He also took advantage of vulnerabilities in Firefox and Safari, winning a cash prize and the Vaio notebook.

Company representatives were present to view the exploits. Terms of the contest require that the vulnerabilities remain undisclosed until the software companies have a chance to release a patch.

by MacNN Staff





  1. Mr. Strat

    Joined: Dec 1969



    Show me someone hacking in without admin rights...without physical access...then I might be impressed. Pulling a cheap trick that relies on PEBCAK...BFD.

  1. martinX

    Joined: Dec 1969


    Great contest

    This gives white hat hackers a chance at (a) remuneration and (b) kudos. Might help keep people away from the Dark Side.

  1. Zkatz007

    Joined: Dec 1969



    Didn't this already happen? And weren't @Mr. Strat's arguments stated then, too?

  1. lkrupp

    Joined: Dec 1969


    The only problem is...

    The various tech media are reporting ONLY that Safari was compromised. They aren't mentioning the other browsers. Only Mac media sites are reporting that all three browsers were hacked. I wonder why that is?

  1. johnsonua

    Joined: Dec 1969


    Hardly 'just minutes'

    They were allowed to do all the work in advance, finding the exploit, crafting a web page to take advantage of it and the on-scene 'exploit' consisted of the winners directing the people at the keyboards to "click on the link here, please".

    This is merely cheap gimmickry.

    When he can attack a Mac without having the user unlock the front door for him and invite him in, then it will be newsworthy.

  1. mgpalma

    Joined: Dec 1969



    My house can be broken into and everything valuable stolen in just 5 long as the alarm is disarmed and the front door is unlocked.


  1. testudo

    Joined: Dec 1969


    Re: newsflash

    Not the same thing.

    If they logged into the computer as an admin, left it on, walked away, and then someone else walked up to the machine and claimed "I hacked it!", then that would be the same thing.

    Almost every Windows flaw and piece of malware is due to social engineering. Trying to get people to go to web-site A to get some video codec to see Britney Spears having L****** s** with Justin Timberlake. Or convincing them that they need to download the latest Flash plug-in (and browsers making that so much easier to con people, as users now expect the browser to install it for you, rather than downloading it yourself, then finding the disk image, opening it up, and then running the installer).

  1. testudo

    Joined: Dec 1969



    And if the article was all about how IE 8 was 'hacked' in the same manner, everyone here would be chortling about how insecure MS software is and such, and not defending it as a social engineering issue.

  1. fubar_this

    Joined: Dec 1969


    Social engineering==real

    I don't know why EVERYBODY thinks that social engineering attacks don't count. That's ALL THAT EXISTS ON WINDOWS. Look it up. The last self-spreading attack on Windows occurred in 2006 (and it was caused by QuickTime ironically enough).
    Self-spreading malware has been eliminated due to software firewalls and egress filtering. But malware that spreads by asking users to click on a link is very much real, and very very real on the Mac.

    Safari/WebKit/QuickTime have had over 70 vulnerabilities every year since 2005. That's not an insignificant number, and in some years it topped Internet Explorer's vulnerability count.

    Social engineering attacks are very real. Nearly EVERYBODY runs their Mac as admin, and Mac users are no more or less likely to be susceptible to a social engineering attack than a Windows user. Why do you think Apple added anti-phishing and other anti-social engineering measures to Safari recently?
