14 DAY TRIAL // The annual Pwn2Own hacking contest has ended with another round of vulnerabilities discovered and exploited in the world’s most used platforms, including Apple’s own Safari web browser, which took a great deal of effort to crack.
China's Keen Team reportedly had to exploit two chained vulnerabilities to successfully compromise the Safari web browser, and declared Apple’s OS X operating system the toughest nut to crack.
Liang Chen of the Keen Team said they used a heap overflow in the Safari Webkit that opened the door to arbitrary code execution, but the bug could not be exploited alone on Apple’s OS X Mavericks. Chen said he had to use a second vulnerability to successfully exploit the browser.
“We utilized another system vulnerability to bypass the sandbox to get a process running in the user’s context,” he said.
According to threatpost.com, the flaws were immediately disclosed to HP’s Zero Day Initiative, a longtime sponsor of the Pwn2Own contest. Apple representatives were also present for the disclosure, according to the report. In other words, the company is now aware of these flaws and will deliver a patch in a future software update.
“I think the Webkit fix will be relatively easy,” Chen said of the flaws. “The system-level vulnerability is related to how they designed the application; it may be more difficult for them.”
Chen also said, “For Apple, the OS is regarded as very safe and has a very good security architecture. Even if you have a vulnerability, it’s very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems."
One of the more notable figures present at the event was George Hotz, also known as Geohot. He is the author of the very first iPhone unlock and several subsequent iOS jailbreaks. He got sued by Sony for hacking the PS3, and he has made dozens of headlines thanks to his hacking prowess.
Woz reportedly told The New Yorker in 2012, “It was like a story out of a movie of someone who solves an incredible mystery. I understand the mind-set of a person who wants to do that, and I don’t think of people like that as criminals. In fact, I think that misbehavior is very strongly correlated with and responsible for creative thought.”