Pwn2Own 2009: MacBook/Safari Hacked in Seconds

[randomizer]

Safari is the worst mainstream browser bar none. Please let it die Apple, please. I might even buy an Apple case sticker if you do.

 

[SneakySnake]

Safari is the worst mainstream browser bar none. Please let it die Apple, please. I might even buy an Apple case sticker if you do.

It certainly isn't the best but Safari 4 beats IE8 soundly. I'm a Chrome/Firefox man myself but I run Safari 4 beta and the IE8 beta as well. Chrome 2.0 is quite good

 

[randomizer]

Chrome still has annoying problems with some addons like Flash that I can't stand, so I'm a FF man myself. IE7 is the worst browser that I use on a semi-regular basis. I've always found Safari to be slow and unstable so rarely if ever use it.

 

[vaskodogama]

this article shows, that Safari on Mac OS is soooooo weak in security that it can be hacked with just one click and BOOM! hacked!
and for IE 8 that hacked, it's a shame for MS too!
IMO, they have to hire these hackers to only hack their products and give them loads of money, because, bad security equals bad reputation!
I hope you get my point!

 

[jsloan]

[citation][nom]vaskodogama[/nom]and for IE 8 that hacked, it's a shame for MS too![/citation]

yeah it's kinda leaves you wondering what the *&%!, after all the talk, and money spent, ie is still like being hacked by people who don't have access to the source code, imagine if they did...

 

[Guest]

>> Last year Ubuntu PC was hacked through FF and Adobe Flash. What happen this year? Is Ubuntu PC still standing? I wish TH gives better coverage.

Not according to this article:
http://www.theregister.co.uk/2008/03/29/ubuntu_left_standing/

 

[SAL-e]

[citation][nom]jebblue[/nom]>> Last year Ubuntu PC was hacked through FF and Adobe Flash. What happen this year? Is Ubuntu PC still standing? I wish TH gives better coverage.Not according to this article:http://www.theregister.co.uk/2008/ [...] _standing/[/citation]

Hi jebblue,
I don't remember very well so could you please correct me if I am wrong. I think the reason why Ubuntu system was not hacked during the competition was a small mistake in the flash payload. Shortly after the competition the prove of concept was released and I had to uninstall Adobe Flash on my Ubuntu box and I had to wait for new release from Adobe, because they never fixed it the old version. Am I correct?

 

[eddieroolz]

[citation][nom]SneakySnake[/nom]PC fanboys cometh[/citation]

-16, you have set a new record for me, buddy.

 

[Guest]

I was going to install IE8 on my XP partition, then it asked me to turn off my antivirus before installing(much like printer drivers do). People in the know, know what that means, needless to say I went with Firefox.

 

[scryer_360]

No OS is safe. The fact is that in order to push out the OS and keep it open enough to add stuff later, a firm would rather release an OS with loopholes and exceptions in code that allows it to be exploited than release a secure OS.

 

[Guest]

Actually, reading the story I notice that it really didn't take 10 seconds to hack Safari, but much more.
He really did all the preparation work before the contest, I believe it should be added to the "10 seconds":
Quote article:
"He also said he came to CanSecWest with the intention to hack into Safari and tested the exploit to make sure it worked first time around."