iPhone, Safari, IE8, Firefox fall on day one of Pwn2Own

kookster · 28 Mar 2010

Kari said:

kookster said:

Man most of that was like gibberish to me, but it was still cool to read.

To put it very simple, he found a way to avoid DEP, thus letting him to execute code where it's normally not possible.

A clear vulnerability. He deserved his price.

Kari

Yeah thats about all I got.

CarlTR6; said:

It just goes to show that nothing is really secure.

Yep, there will always be mistakes/holes/something that can be infiltrated or abused. Because we can't make anything perfect.

pillainp · 28 Mar 2010

To my mind, the real reason would be complacency. Any time time you think you are secure, if you are big enough, someone will try to take you down.

arkhi · 29 Mar 2010

Question: Does this mean that it will also bypass UAC?

si8mon · 29 Mar 2010

Google chrome was the only main browser not to be successfully hacked during the contest. Its either the hackers don't care about chrome or the browser has excellent security.

Product FRED · 29 Mar 2010

si8mon said:

Google chrome was the only main browser not to be successfully hacked during the contest. Its either the hackers don't care about chrome or the browser has excellent security.

That's because it wasn't used in the contest. They do care about Chrome, but because of its modular processes, it's more difficult to exploit than, say, IE, which is by comparison a much bigger target. Plus Google patched up an exploit a few days before the contest.

Ruudfood · 29 Mar 2010

I wonder how Opera got on!