Apple’s Safari browser has once again been compromised, this time by VUPEN co-founder Chaouki Bekrar in today’s Pwn2Own hacker contest. The vulnerability was demoed on a MacBook which was running a fully patched version of Mac OS X (64-bit) where he was able to launch a calculator on the compromised machine. According to Bekrar, the vulnerability was discovered in WebKit, the open-source browser rendering engine using fuzzers. The team took around two weeks to identify the vulnerability and coding a working exploit for it. Bekrar and his team ended up winning a $15,000 cash prize and an Apple MacBook Air 13” running Mac OS X Snow Leopard. Bekrar said the Safari exploit was “somewhat difficult” because of the lack of documentation regarding 64-bit Mac OS X exploitation.” We had to do everything from scratch. We had to create a debugging tool, create the shellcode and create the ROP (return oriented programming) technique,” he explained. “The main difficulty was doing this on our own, without the help of any documentation,” he said. Interestingly, Apple released Safari 5.0.4 in the nick of time for the Pwn2Own security competition but it was successfully exploited anyway. We’ll bring you more updated news from the 5th Pwn2Own hacking contest. You can stay tuned for more info by following us on Twitter and/or subscribing to our RSS feed. [Source: ZDNet] Authors:

to know more click here