Pwn2Own 2011 may be coming to a close, but not before the annual hackathon exposed Safari and IE8 as the most vulnerable browsers of the lot. Cybersecurity experts and IT hobbyists alike have spent the last few days trying to find and expose gaping holes in familiar browsers, including Firefox, Chrome, and of course Safari and Internet Explorer.
Internet Explorer hasn’t fared well in pasts tests, and didn’t this time either. However, Microsoft just confirmed that IE9 will be here in days and that users should expect some noticeable improvements. And at least it didn’t come in last; that honor was bestowed upon Safari. According to ComputerWorld, it took a measly five seconds to break into Safari using a MacBook Air. And this was post Apple’s most recent browser upgrade, which repaired some holes and clearly left others open. French security firm Vupen took home the $15,000 prize for its Safari hack, and ominously tweeted before taking a crack at the browser, “Apple has just released Safari 5.0.4 and iOS 4.3 a few minutes before the Pwn2Own contest. This breaks some exploits but not all!!”
Chrome has remained untouched, meaning Google will be able to hold onto its $20,000. Last month, the company said it would put $20,000 into the hands of the hacker that could bring down its browser. Apparently there were names registered to give it a go, but both bailed. “The first contestant was a no-show, and the other team wanted to work on their BlackBerry vulnerability. So it doesn’t look like anyone will try Chrome,” Aaron Portoy of TippingPoint’s security research team (Pwn2Own organizers) told ComputerWorld. But don’t celebrate too early, Google loyalists – the contest doesn’t end until tomorrow.
Chrome has been chipping away at IE’s lead among browsers recently, and doubled its own market share over 2010. Safari also saw its numbers rise, thanks largely to its massive sales of Macs and iOS devices over the year. Of course, Firefox is another market leader, which has yet to be exploited by Pwn2Own contestants.
- Google found another critical security flaw in Microsoft Edge
- The best web browsers
- Researchers exploit flaws in two browsers installed on MacOS devices
- Microsoft misses another Edge-related 90-day security disclosure deadline
- Is your browser mining bitcoin? ‘Malvertisements’ are hijacking Google Ads