Pwn2Own: IE8, Safari, iPhone4, BlackBerry Torch hacked

Crackers successfully `pwned' (hacked) Internet Explorer 8 and Apple Safari browsers, however, with vulnerabilities also being exploited on various smartphones, including Apple's iPhone 4 and RIM's BlackBerry Torch 9800.

According to newswire reports, Apple's Safari was the first to be cracked, with a weakness in the open-source browser rendering engine, Webkit. This was followed by Microsoft's IE8 which was found to have three security vulnerabilities.

The Heisse Online newswire says that IE8 was cracked by Irish developer Stephen Fewer, "though he had to connect three different security holes to get around the browser's protected mode and other security mechanisms."

The attacks, says the newswire, were anything but easy.

"The 64-bit operating system had all of the current patches and security mechanisms, such as DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomisation), were enabled and all of which had to be overcome to launch the calculator application", the newswire adds.

Heisse Online went on to say that the processes of Internet Explorer under Windows 7 all ran at low integrity levels, meaning that the executions could not write into normal directories - which was needed to qualify for a complete `Pwn' in the competition.

"No-one had a go at Chrome; although two parties registered, one did not show up at the competition, and the other told the organisers that they did not have a working exploit", the newswire noted.

What’s Hot on Infosecurity Magazine?