CanSecWest - Pwn2Own

Started by Corrine, March 11, 2011, 02:30:58 AM

Corrine

Some of the events at Pwn2Own . . .

Safari/MacBook

Safari/MacBook first to fall at Pwn2Own 2011:

Quote: A team of security researchers from the French pen-testing firm VUPEN successfully exploited a zero-day flaw in Apple's Safari browser to win this year's Pwn2Own hacker challenge.

VUPEN co-founder Chaouki Bekrar (right) lured a target MacBook to a specially rigged website and successfully launched a calculator on the compromised machine.

The hijacked machine was running a fully patched version of Mac OS X (64-bit).

IE8/Windows 7 SP1

Pwn2Own 2011: IE8 on Windows 7 hijacked with 3 vulnerabilities:
Quote: Using three different vulnerabilities and clever exploitation techniques, Irish security researcher Stephen Fewer successfully hacked into a 64-bit Windows 7 (SP1) running Internet Explorer 8 to win this year's CanSecWest hacker challenge.

Fewer (right), a Metasploit developer who specializes in writing Windows exploits, used two different zero-day bugs in IE to get reliable code execution and then chained a third vulnerability to jump out of the IE Protected Mode sandbox.

The attack successfully bypassed DEP (data execution prevention) and ASLR (address space layout randomization), two key protection mechanisms built into the newest versions of Windows.

Note:  http://twitter.com/#!/msftsecresponse/...939417998831617
Quote: @msftsecresponse Security Response
We have confirmed that IE 9 RC is not affected by the vulnerability used in the pwn2own contest. IE 9 officially releases on Monday

~~~~~~~~~~~

A few of the participants released updates to critical vulnerabilities prior to the event:

Pwn2Own 2011: On cue, Apple drops massive Safari, iOS patches:

Quote: With obvious eyes on this year's CanSecWest Pwn2Own hacker challenge, Apple today dropped two major security updates for Safari and iOS to fix more than 60 vulnerabilities that could be used to hijack Windows, Mac OS X or iPhone/iPod Touch devices.

The patches arrive on the same day of the annual contest, which pits vulnerability researchers and exploit writers against the major web browsers and smart phones.  Apple has now followed Google and Mozilla in releasing browser updates ahead of Pwn2Own.

The new Apple Safari 5.0.4 fixes a total of 62 documented vulnerabilities, most serious enough to allow code execution attacks if a user simply surfs to a booby-trapped web site. The majority of the vulnerabilities are in WebKit, the open-source browser rendering engine. [bold added]

