Pwn2Own: Down go all the browsers

For discussions about security.
Post Reply
Message
Author
User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

Pwn2Own: Down go all the browsers

#1 Post by Flash »

Pwn2Own: Down go all the browsers
At the CanSecWest conference in Vancouver, Canada, the HP Zero Day Initiative's (ZDI) annual Pwn2Own competition has ended its first day of competition and Microsoft's Internet Explorer (IE) 10, Google's Chrome and Mozilla's Firefox Web browsers have all been cracked. In addition, Java—can anyone be surprised at this?--was also cracked multiple times.
Java, which has been getting hacked over and over again recently, fell not once or twice but three times to crackers. Vupen broke Java by "using a same unique heap overflow as a memory leak to bypass ASLR and as a code execution."

Java was also broken by Accuvant Labs security scientist Joshua Drake and Context Information Security consultant and vulnerability researcher James Forshaw. Drake appears to have used a similar method to Vupen's in his successful hack, while Forshaw used a "reflection" attack.

Not everything was "pwned" though. No one broke Adobe's Flash Player and Adobe Reader on Windows 7 or Safari on Mac OS X Mountain Lion. Adobe products may yet go down. Vupen is going after Flash today and George Hotz, best known for unlocking Apple's iPhone, is taking on Reader.

It's not all bad news for those who are trying to secure their programs.

In a ThreatPost interview, Chaouki Bekrar, Vupen's CEO and head of research, said, "Writing exploits in general is getting much harder. Java is really easy because there's no sandbox. Flash is a different thing and it's getting updated all the time and Adobe did a very good job securing it. It's more expensive to create a Flash exploit than a Java one. Every time Adobe updates Flash, they're killing bugs and techniques and sandbox bypasses, and honestly, Adobe is doing a great job making it more secure."

As for the browsers in general, Brekar concluded:

"Chrome is probably the most hard to attack because of the sandbox. The weakness in Chrome is Webkit and the strength is the sandbox. Probably one of the reasons Chrome is so secure is that the Google guys don't just fix vulnerabilities but they're proactive in fixing techniques and sandbox bypasses."

User avatar
Monsie
Posts: 631
Joined: Thu 01 Dec 2011, 07:37
Location: Kamloops BC Canada

Pwn2Own: Down go all the browsers

#2 Post by Monsie »

While I read that Internet Explorer 10 (designed for Windows 8 ) went down, I haven't seen any report to indicate that Internet Explorer 9 (designed for Windows 7 ) went down. Maybe IE 9 has yet to be tested this year. I haven't used IE 10 but I understand that it is quite a bit different than its predecessor, and so it may not be as hardened, or as secure generally as IE9. The bottom line might be that just because Internet Explorer 10 went down, does not necessarily imply that Internet Explorer 9 is equally as vulnerable --if not more so.

Monsie
My [u]username[/u] is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school.

Post Reply