Safari and Internet Explorer are hacked first at Pwn2Own contest

THE WEB BROWSERS Safari and Internet Explorer were successfully hacked on the first day at the annual Pwn2Own hacking contest in Vancouver, BC.

"Safari goes down first at Pwn2Own!" tweeted Aaron Portnoy, manager of the security research team at Pwn2Own sponsor Tipping Point. Insecurity research company Vupen broke into the Safari browser, running on a fully patched version of Mac OS X, by successfully exploiting a zero-day flaw. The firm won a £15,000 cash prize and a 13-inch MacBook Air for its trouble.

This was in spite of Apple having issued a last-minute security patch to save itself from embarrassment. Vupen previously wrote about the Safari patch on its Twitter feed. It said, "This breaks some exploits, but not all!", probably written by a poster with a big grin on their face.

Steven Fewer, of Irish security vulnerability firm Harmony, broke into Internet Explorer 8 at the contest, bypassing protected mode. He received a laptop and a $15,000 cash prize after spending "six weeks of hard work" trying to find a way in. Microsoft said it was already investigating.

Google's Chrome like last year escaped unscathed by hacking, in spite of the company offering a bigger $20,000 reward. But this might have been due to a rule stating that a contestant needed to hack Chrome and escape the sandbox using vulnerabilities in the Google-written code.

The Firefox contest was delayed until day 2, while Google has offered money to a hacker who can perform a sandbox escape in non-Google code on days 2 and 3. Google will also offer money for the Chrome bug that enables the hack. µ