IE, Chrome, Firefox and Safari All Fall At Pwn2Own

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
The fact that all the major browsers were exploited at Pwn2Own isn't really surprising. Now, if none of them could be hacked, THAT would be surprising. :cool:

Security researchers demonstrated zero-day exploits against Google Chrome, Microsoft Internet Explorer, Apple Safari, Mozilla Firefox and Adobe Flash Player during the second day of the Pwn2Own hacking competition Thursday, racking up total prizes of $450,000.
Click to expand...
 
Not surprising at all. I use my PC with the understanding that the software I use has all sorts of exploits. I do my best to limit the attack points by not using Adobe or Java products on my primary PC. I have VMs with sandboxes for that.
 
That's not really 100% true. Yes, all the browsers failed BUT ie11 didn't only ie10 did.
 
rumblpak said:
That's not really 100% true. Yes, all the browsers failed BUT ie11 didn't only ie10 did.
Click to expand...

Um, Pretty sure this counts:

Next up was IE11 on a notebook running Windows 8.1, Microsoft's most-current operating system. "We've pwnd IE11 on Win 8.1 using a use-after-free combined to an object confusion in the broker to bypass IE sandbox," Vupen announced on Twitter after grabbing $100,000 for the hack.
Click to expand...
 
Yeah, on day 2. AFTER they disabled EMET. Its not a secure system if you go out of your way to make it insecure.
 
rumblpak said:
Yeah, on day 2. AFTER they disabled EMET. Its not a secure system if you go out of your way to make it insecure.
Click to expand...

According the the article in the OP, it was done on Day 1? Not trying to start an argument, I just happened to see that IE 11 was listed (along with Win 8.1) .
 
I read like 3 other sites that said day two. I honestly don't care all that much, I just find it mildly incorrect to say that they all failed when in IE they had to disable EMET to get the hack to work. In researching it, I am lead to believe that ie failed twice both when EMET was disabled.
 
All browsers are vulnerable if someone is resourceful and dedicated enough, what's more interesting to me. Is how quickly the vendors patch the vulnerabilities once they are found.

My chromium update through apt came through on Monday following this. Has youyr browser updated yet?

If you use Safari, the answer is probably "in 8 months or so, if we get around to it"
 
Zarathustra[H];1040710107 said:
All browsers are vulnerable if someone is resourceful and dedicated enough, what's more interesting to me. Is how quickly the vendors patch the vulnerabilities once they are found.

My chromium update through apt came through on Monday following this. Has youyr browser updated yet?

If you use Safari, the answer is probably "in 8 months or so, if we get around to it"
Click to expand...
Safari's latest version was about 3 weeks ago and a month before that. It's also possible to download webkit nightly builds.
 
Lets see them exploit a browser that is using noscript and requestpolicy.
 
No matter how secure a computer is, there will always be a way in unless it is not connected to the internet at all.
 
how is this news worthy?

now.. if there ever is a version of an adobe product that isnt riddled with exploits..now THAT would be newsworthy
 
You must log in or register to reply here.
Back
Top