Apple and Microsoft were faced with embarrassment today as their Safari and Internet Explorer (IE) browsers were the first to be hacked in the Pwn2Own contest.
Pwn2Own is being held in Vancouver this week as part of the CanSecWest conference, as researchers sought to highlight vulnerabilities in various pieces of technology.
Chaouki Bekrar, from French firm Vupen Security, was able to crack Safari running on Mac OS X by taking advantage of a vulnerability in WebKit.
Apple has now fixed the flaw with the Safari 5.0.4 release, in which it secured a total of 62 vulnerabilities, but the patch was not issued in time for the Pwn2Own competition.
Stephen Fewer, an Irish security consultant, managed to hack IE8 on a 64-bit version of Windows 7, exploiting three bugs at the same time and even bypassing protected mode.
Both Bekrar and Fewer were handed cash prizes of $15,000 (9,345).
Although the teams managed to exploit the browsers in minutes, the research that went into finding the holes and exploring ways to take advantage of them could have taken weeks or even months.
Two teams had signed up to take on Google Chrome, but one failed to show up and another decided to pull out.
Google, which this week released Chrome 10, had offered a $20,000 prize for anyone who could hack its browser on the first day.
No researchers turned up to take on Firefox either, after Mozilla updated the browser this week.
The somewhat controversial Pwn2Own contest taking place this week will also see contestants attempt to hack into a range of smartphones, including the Apple iPhone.
-
Google rolls out patch for high-severity Chrome browser zero dayNews It's the eighth time this year Google has been forced to address a zero-day vulnerability in its world-leading browser
-
Google Chrome branded the least effective browser for stopping phishing attacksNews The world's most popular browser came dead last when compared against competitors
-
Windows devices targeted by PuzzleMaker malware exploiting Chrome zero-day flawNews Chain of vulnerabilities used to attack multiple companies worldwide
-
Malware found on popular Facebook, Instagram and Vimeo browser extensionsNews Chrome and Edge extensions laced with malware have already been installed three million times
-
Google sets a date for Chrome extension privacy revamp
News From January 18th, developers must be clear about how they're handling user data
-
Google looks to replace third-party cookies in two yearsNews The online advertising market needs to shift to tracking methods that offer some user privacy, admits Google
-
Chrome continues HTTP phase-out by removing 'secure' icon from HTTPS sitesNews Changes in 'secure' and 'non secure' icons comprise final steps in plan to make web secure-by-default
-
Hack on popular Chrome plugin spams ads to one million usersNews The author says a phishing scam led to the theft of admin credentials
