IE8, Safari, Even iPhone Fall at Pwn2Own Contest
by Larry Seltzer
The annual Pwn2Own contest at CanSecWest is underway, and on the first day Web browsers fell to attack. Internet Explorer 8 and Firefox 3.6.2 on 64-bit Windows 7 and Safari on OS X all were forced to run exploit code. To add insult to injury, an iPhone was cracked and the SMS database lifted from it.
The IE exploit is the most interesting because it bypasses both DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization), albeit in a very cumbersome way. The researcher, Peter Vreugdenhil, explains exactly what he did in a paper on his web site.