Main » 2011 » Март » 16 » The second day pwn2own firefox android blackberry iphone windows phone 7
12:26
The second day pwn2own firefox android blackberry iphone windows phone 7
After a successful attack on the Safari and Internet Explorer 8, the second day of competition Pwn2Own 2011 brought victory over the iPhone and the BlackBerry Torch April 9800.

IPhone has been hacked veteran competitions Charlie Miller with Dion Blazakis. Past three years, Miller has successfully hacked as phones and laptops Apple, so that hacking the iPhone 4 is a logical continuation of his career. The phone has been compromised by visiting a special web page via Mobile Safari.

According to competition rules, verification is required to exploit the latest version of the software. This year "freeze" versions occurred last week, it should protect participants from updates with patches released right before the competition. If successful, breaking the "frozen" configuration, the participant receives a prize the device itself, and if a vulnerability exists in the latest software version, it gets more and money.

The iPhone has been "frozen» iOS 4.2.1, but the same error exists in the latest iOS 4.3, so that Miller won both the phone and money. The truth of his exploits was unable to break through the defense iOS 4.3 because of new technology Address Space Layout Randomization (ASLR), but since the error in the Mobile Safari there - he still received the money.


Next platform - BlackBerry Torch 9800 was also hacked the veterans competition, broke the iPhone in 2010. BlackBerry OS is compromised through a vulnerability in the browser, based on the engine, WebKit. A trio of researchers, breaking defenses BlackBerry, said that the main difficulty was not so much a system of protection, such as Data Execution Prevention (DEP) and ASLR, and the fact that BlackBerry - a black box with no documentation, and sufficient tools for analysis. Finding the hole, it took them a long time to make a working exploit. The attack was made on the BlackBerry OS 6.0.0.246, manufacturers will soon release an updated version of the firmware, but the security hole was not eliminated.

The same tests were run Firefox, and phones with Android and Windows Phone 7 on board. A potential attacker Ognelisa abandoned attempt to refer to the instability of his exploit. Attacks on Android and Windows Phone 7 were not successful - these platforms, as well as Chrome, is still not defeated. Maybe it will happen on the third day of competition.

Original news.
Views: 422 | Added by: w1zard | Rating: 0.0/0
Total comments: 0
Имя *:
Email *:
Код *: