Pwn2Own: Safari, iPhone, IE, and Firefox All Fall


The Pwn2Own contest at the annual CanSecWest conference in Vancouver, British Columbia has become something of a media event for security researchers, a chance for them to step out from behind glowing LCDs and demonstrate that some of the security threats they’ve hinted could impact everyday computer users are real—and pick up some cash money for their efforts. And this year, they did not disappoint: at the Pwn2Own contest, Apple’s iPhone and Safari fell first to security experts, followed in short order by Internet Explorer 8 and Firefox on Windows 7.

On the Macintosh, the star of Pwn2Own this year was again Charlie Miller of Independent Security Evaluators, who picked up the $10,000 top prize by demonstrating a takeover attack on Safari on an Apple MacBook Pro that granted complete access to the machine without requiring any physical access—all the Safari user had to do was visit a Web site with malicious code. Miller won $10,000 in 2008 for breaking into a MacBook Air, and $5,000 last year by exploiting another security loophole in Apple’s Safari browser.

Dutch security researcher Peter Vreugdenhil also won $10,000 for a security exploit that bypassed security features in Microsoft’s Internet Explorer 8. A researcher from the UK’s MWR InfoSecurity named Nils—no last names, please—picked up another $10,000 for an exploit targeting Firefox on the 64-bit version of Windows 7. Last year, Nils picked up $15,000 for a collection of exploits that targeted Firefox, Safari, and Internet Explorer 8.

Perhaps the star of the show, however, was Apple’s iPhone, which fell victim to Ralf Philipp Weinmann and Vincenzo Iozzo, of the University of Luxembourg and the German company Zynamics (respectively), who will share a $15,000 prize.

Researchers aren’t sharing the specifics of their attacks with the general public, in order to give browser and operating system developers a chance to patch the loopholes. However, Miller’s attack on Safari is being described as so reliable that, in information security terms, it’s “weaponized.” Vreugdenhil’s attack on IE8 was a four-part process that exploited two separate vulnerabilities; as with Miller’s Safari attack, it launched from a user connecting to a Web site containing malicious code. Nils’ attack on Firefox exploited a memory corruption bug.

Weinmann and Iozzo’s attack on the iPhone also involved visiting a site bearing malicious code; the technique bypassed the iPhone’s code-signing requirement and could be used to access an iPhone’s SMS database, contacts, photos, or other data.

The Pwn2Own contest is sponsored by TippingPoint’s Zero Day Initiative.

As of the start of the second day of the Pwn2Own contest, Google’s Chrome 4 remains the only browser left standing…but that’s probably because it wasn’t tested at all on the first day.

