First Pwn2Own 2009 Contest Winners Emerge

mellowdonkey writes "Last year's CanSecWest hacking contest winner, Charlie Miller, does it again this year in the 2009 Pwn2Own contest. Charlie was the first to compromise Safari this year to win a brand spankin new Macbook. Nils, the other winner, was able to use three separate zero day exploits to whack IE8, Firefox, and Safari as well. Full detail and pictures are available from the sponsor, TippingPoint, who acquired all of the exploits through their Zero Day Initiative program."

Re:ScoreAfter Day 1 (for the TL;DR crowd)

[Slashdot+Suxxors]

Has nobody tried "hacking" the mobile devices? You'd think with all the BBs/iPhones/WM and Symbian devices out there, there would be a market for exploiting them.

Re:No details?

[ld+a,b]

>"we had the user click a link and all hell broke loose"

That is exactly what happened with Safari on MacOS, in seconds. I guess the others fell just as easily, but with a bit more crude exploits.

We don't get to know the details because vendors get to fix the hole before anything is published, which is long after all of us have forgotten about the contest.

What really is misleading is that Windows 7 and MacOS are implied pwned when it appears that only the browsers were taken.

With IE8 purportedly running in a "sandbox", breaking out of that was interesting by itself and hopefully a bit more difficult than just escalating privileges in MacOS.

I miss Linux too. A hole in firefox means being just one local exploit away from pwning your box.

What details...?

[argent]

Full detail and pictures are available from the sponsor, TippingPoint, who acquired all of the exploits through their Zero Day Initiative program.

I see no details here.