Chinese Hackers “Pwn” Safari And Flash At Pwn2Own Contest

Every year, the hacking community gathers at the Pwn2Own event in Vancouver to show off their hacking skills in exchange for cash. This year a pair of Chinese hackers are making news for hacking Safari and Flash. Here are the details as posted by Threat Post:

Fang Jiahong and Liang Chen represented the Keen Team at Pwn2Own on Thursday, starting off the second day of the annual exploit festival with a quick takedown of Apple’s Safari browser. They then wrapped up the contest with a successful zero-day exploit of Adobe Flash, the second time the Adobe product was toppled.

What should get your attention is the fact that the hackers were able to exploit vulnerabilities in OS X Mavericks and WebKit (which is part of Safari) to bypass the security that is built into Safari. What should also get your attention is this:

“I think the Webkit fix will be relatively easy,” Chen said. “The system-level vulnerability is related to how they designed the application; it may be more difficult for them.”

Apple was present for this contest and they have been made aware of the details of how this happened. Thus it’s likely that the next update to Mavericks, which is already under testing, will contain a fix for this. If you’re wondering about details of the Flash hack, I can’t find any.

Oh, if you’re wondering what they got for doing this, the Safari hack scored them $40,000 and the Flash hack scored them $75,000. They said they will donate a portion of their winnings to charities representing the families of the missing Malaysian Airlines flight MH370. Nice.
