Linked by Thom Holwerda on Thu 19th Mar 2009 06:44 UTC, submitted by Moulinneuf
Privacy, Security, Encryption As he had already predicted, cracker Charlie Miller has won the PWN2OWN contest by cracking Safari and Mac OS X within seconds of the start of the competition. "It took a couple of seconds. They clicked on the link and I took control of the machine," Miller said after his accomplishment. He took home the USD 10000 prize, as well as the MacBook he performed the exploit on. Internet Explorer 8 fell a while later by cracker Nils, who also cracked Safari and Firefox after being done with IE8.
Permalink for comment 353880
To read all comments associated with this story, please click here.
RE[3]: Comment by Hakime
by Soulbender on Thu 19th Mar 2009 11:40 UTC in reply to "RE[2]: Comment by Hakime"
Member since:

He went out of his way to test the exploit before the contest to make sure it would work every time.

Well, it's quite possible the other guys had also prepared for the browsers they worked on.

That being said, I'd truly love to know exactly what control over the machine he had as a result of that, as the ZDNet article is rather vague beyond stating that.

Yeah, I was also wondering how he got control over the machine from the browser. Running code, sure, but that would still only be under the user account.
Then again, having "root" isn't what most malware is interested in anyway.

but it can still at least be very damaging to that user's accounts.

Aside from not being able to change system files and configurations it can still be quite damaging. You can still run botnets from a user account, for example.

Edited 2009-03-19 11:42 UTC

Reply Parent Score: 5