Pwn2Own – What browser and OS are the safest to use?

Pwn2Own is a computer hacking contest held at the annual CanSecWest security conference since 2007. Contestants are challenged to exploit specific software (especially web browsers and other web-related software) and computing platform targets. Winning contestants receive the device or computer that was successfully exploited, plus a cash prize.

For each successful exploit, the contest’s sponsor, TippingPoint, provides a report to the applicable vendor, detailing the vulnerability and how it was exploited. The details are not released to the public until the vendor has corrected the vulnerability.

Summary: The results of Pwn2Own are definitely a major factor in choosing a browser. The winner was Google Chrome, due to its implementation of each tab being sandboxed from the operating system.

The competition started on March 24, 2010 and had a total cash prize pool of $100,000. On March 15, nine days before the contest was to begin, Apple released sixteen patches for WebKit and Safari.

Software to exploit

$40,000 of the $100,000 is reserved for web browsers, where each target is worth $10,000.

Day 1

Day 2

  • Microsoft Internet Explorer 7 on Windows Vista
  • Mozilla Firefox 3 on Windows Vista
  • Google Chrome 4 on Windows Vista
  • Apple Safari 4 on Mac OS X Snow Leopard

Day 3

  • Microsoft Internet Explorer 7 on Windows XP
  • Mozilla Firefox 3 on Windows XP
  • Google Chrome 4 on Windows XP
  • Apple Safari 4 on Mac OS X Snow Leopard

Target: Mobile Phones

$60,000 of the total $100,000 cash prize pool is allotted to the mobile phone portion of the contest; each target is worth $15,000.

Successful exploits

  • Charlie Miller successfully hacked Safari 4 on Mac OS X.
  • Peter Vreugdenhil exploited Internet Explorer 8 on Windows 7 by using two vulnerabilities that involved bypassing ASLR and evading DEP.
  • Nils hacked Firefox 3.6 on Windows 7 64-bit by using a memory corruption vulnerability and bypassing ASLR and DEP. Mozilla patched the security flaw in Firefox 3.6.3.
  • Ralf-Philipp Weinmann and Vincenzo Iozzo hacked the iPhone 3GS by bypassing the digital code signatures used on the iPhone to verify that the code in memory is from Apple.

It is interesting to see how different companies approached this event:

Mozilla acknowledged the bug, fixed it in 10 days, publicly announced it as critical, and fixed it in a previous version just in case.

Microsoft made a public statement saying that it will be fixed, and that’s all folks, at least for now.

Apple with Safari is all secrecy.