VUPEN has pwned Apple Safari on Mac OS X (x64) at pwn2own in only 5 seconds, according to a ZDNET report.
Co-founder Chaouki Bekrar lured a MacBook to a website which immediately owned the victim and successfully launched a calculator on the compromised machine.
In an interview with ZDNet, Bekrar said the vulnerability exists in WebKit, the open-source browser rendering engine. A three-man team of researchers spent about two weeks to find the vulnerability (using fuzzers) and writing a reliable exploit.
VUPEN won a $15,000 cash prize and an Apple MacBook Air 13″ running Mac OS X Snow Leopard.
The machine was running a fully patched version of Mac OS X (64-bit).
Read More [via MacRumors]
Co-founder Chaouki Bekrar lured a MacBook to a website which immediately owned the victim and successfully launched a calculator on the compromised machine.
In an interview with ZDNet, Bekrar said the vulnerability exists in WebKit, the open-source browser rendering engine. A three-man team of researchers spent about two weeks to find the vulnerability (using fuzzers) and writing a reliable exploit.
VUPEN won a $15,000 cash prize and an Apple MacBook Air 13″ running Mac OS X Snow Leopard.
The machine was running a fully patched version of Mac OS X (64-bit).
Read More [via MacRumors]