iPhone, IE 8, Firefox succumb to exploits in Pwn2Own


Two researchers participating in a hacking contest on Wednesday brought down the Apple iPhone, a difficult assignment considering the latest version of the popular mobile device contains new security measures designed to combat exploit attempts.

Participating in the Pwn2Own contest as part of the CanSecWest conference in Vancouver, British Columbia, Vincenzo Iozzo and Ralf-Philipp Weinmann used a technique known as return-oriented programming to exploit a bug in the iPhone's Safari browser.

The vulnerability allows an attacker to execute remote code if a user is tricked into visiting a malicious website via the Safari browser. The payload, as the two men demonstrated, allowed them to steal messages contained in the phone's SMS database and send them back to a web server under their control.

To launch the exploit, the researchers had to find a way to evade the code signing and data execution prevention safeguards present in v2.0 of the iPhone, which are meant to keep arbitrary code from running on the device.

"It is the first time that this technique has been publicly demonstrated on a real-world telephone," said a news release announcing the feat. "The demonstrated attack code steals the SMS database from the phone, albeit other attack payloads are easily possible."

For their achievement, the researchers won $15,000.

According to reports from the contest, Safari on the MacBook Pro was also successfully exploited by Charlie Miller of Independent Security Evaluators, one of the best-known Apple hackers.

Internet Explorer (IE) 8 and Firefox 3, both running on 64-bit Windows 7 machines, also fell. Google's Chrome browser, apparently thanks to its "sandbox" features, has so far survived another year of competition.

Researcher Peter Vreugdenhil was responsible for the IE hack, while a white-hat hacker known as "Nils," of security testing firm MWR InfoSecurity, accomplished the Firefox exploit.

All of the exploits took the winners just seconds to demonstrate, but months of research to devise.

TippingPoint's Zero Day Initiative, which offers the cash prizes, acquires the rights to the vulnerability discoveries and soon will send details to the affected vendors.
