Apple iPhone, Firefox, Safari and IE Fall in Hacking Contest
The CanSecWest security conference's annual Pwn2own contest claimed another set of victims, including the Apple iPhone 3G S, Mozilla Firefox and Microsoft Internet Explorer.
Score another for the hacker community. At the Pwn2Own contest at this week's CanSecWest Applied Security conference in Vancouver, hackers have had their way with the Apple iPhone, Mac and Safari, as well as Mozilla Firefox and Microsoft Internet Explorer. The iPhone fell courtesy of Vincenzo Iozzo of Zynamics and independent security researcher Ralf-Philipp Weinmann, who developed an attack that bypassed the code signing and data execution prevention features that prevent arbitrary code from running. To this, they "chained existing code bits" (TXT file) in a technique known as return-into-libc or return-oriented-programming, according to Zynamics.
"A bug in Safari was exploited that extracted the SMS database from the phone and uploaded it to a server," Zynamics CEO Halvar Flake explained in a blog post.