Pwn2Own: Safari, iPhone, IE, and Firefox All Fall


The Pwn2Own contest at the annual CanSecWest conference in Vancouver, British Columbia has become something of a media event for security researchers, a chance for them to step out from behind glowing LCDs and demonstrate that some of the security threats they’ve hinted could impact everyday computer users are real—and pick up some cash money for their efforts. And this year, they did not disappoint: at the Pwn2Own contest, Apple’s iPhone and Safari fell first to security experts, followed in short order by Internet Explorer 8 and Firefox on Windows 7.

On the Macintosh, the star of Pwn2Own this year was again Charlie Miller of Independent Security Evaluators, who picked up the $10,000 top prize by demonstrating a takeover attack on Safari on an Apple MacBook Pro that granted complete access to the machine without requiring any physical access—all the Safari user had to do was visit a Web site with malicious code. Miller won $10,000 in 2008 for breaking into a MacBook Air, and $5,000 last year by exploiting another security loophole in Apple’s Safari browser.

Dutch security researcher Peter Vreugdenhil also won $10,000 for a security exploit that bypassed security features in Microsoft’s Internet Explorer 8. A researcher from the UK’s MWR InfoSecurity named Nils—no last names, please—picked up another $10,000 for an exploit targeting Firefox on the 64-bit version of Windows 7. Last year, Nils picked up $15,000 for a collection of exploits that targeted Firefox, Safari, and Internet Explorer 8.

Perhaps the star of the show, however, was Apple’s iPhone, which fell victim to Ralf Philipp Weinmann and Vincenzo Iozzo, of the University of Luxembourg and the German company Zynamics (respectively), who will share a $15,000 prize.

Researchers aren’t sharing the specifics of their attacks with the general public, in order to give browser and operating system developers a chance to patch the loopholes. However, Miller’s attack on Safari is being described as so reliable that, in information security terms, it’s “weaponized.” Vreugdenhil’s attack on IE8 was a four-part process that exploited two separate vulnerabilities; as with Miller’s Safari attack, it launched from a user connecting to a Web site containing malicious code. Nils’ attack on Firefox exploited a memory corruption bug.

Weinmann and Iozzo’s attack on the iPhone also involved visiting a site bearing malicious code; the technique bypassed the iPhone’s code-signing requirement and could be used to access an iPhone’s SMS database, contacts, photos, or other data.

The Pwn2Own contest is sponsored by TippingPoint’s Zero Day Initiative.

As of the start of the second day of the Pwn2Own contest, Google’s Chrome 4 remains the only browser left standing…but that’s probably because it wasn’t tested at all on the first day.
