As he had already predicted, cracker Charlie Miller has won the PWN2OWN contest by cracking Safari and Mac OS X within seconds of the start of the competition. “It took a couple of seconds. They clicked on the link and I took control of the machine,” Miller said after his accomplishment. He took home the USD 10000 prize, as well as the MacBook he performed the exploit on. Internet Explorer 8 fell a while later by cracker Nils, who also cracked Safari and Firefox after being done with IE8.
Miller cracked Safari running on a fully patched installation of Mac OS X on a MacBook. The details of the exploit will not be given out until Apple has published a patch to ensure that others don’t run with the exploit and abuse it. This is the second year in a row that Safari on the Mac is the first to fall in the PWN2OWN contest, again by Miller’s hands.
A while after, Internet Explorer 8, running on Windows 7, also fell. Windows 7 was running on a Sony Vaio P, and was cracked by a cracker named Nils, who wishes to remain anonymous. He also won a cash prize and got to keep the Vaio P. Several Microsoft security folk were on sight to witness the exploit. This exploit is also kept under wraps until Microsoft releases a patch. Later on, Nils also broke into Safari (Mac) and Firefox.
All the cracks happened on day one of the contest, which means the operating systems and browsers were fully patched, with no additional plugins loaded. So far, only Chrome hasn’t been cracked yet, but that probably won’t take long, seeing how quick the first browsers were exploited.
Still on the table… this year’s contest will also offer a $10,000 prize for every vulnerability successfully exploited in Windows Mobile, Android, Symbian, and the iPhone and BlackBerry OSes. The competition runs through Friday… so it ain’t over yet.