Security researcher Charlie Miller, who last year managed to gain control of a MacBook through a Safari browser exploit in under two minutes, improved his mark today at the Pwn2Own event, repeating the feat in less than 10 seconds
. In fact, he did so with all system and browser security updates applied. The contest is sponsored by security firm TippingPoint
, which awards a prize to hackers for each vulnerability found, and shares the details with the respective software vendors in order to find solutions.
The second machine to fall was a Sony Vaio P laptop running Windows 7, which was exploited through a vulnerability in the recently released Internet Explorer 8. This was accomplished by a 25 year old computer science student at the University of Oldenburg in Germany calling himself Nils, who also demonstrated a separate exploit for Safari and Firefox.
At the end of the first day of the Pwn2Own contest, Google Chrome was the last browser standing but there is still plenty of time and prizes for more browser exploits. They will also target a selection of smartphones, including RIM's BlackBerry, Apple's iPhone, T-mobile's G1 running Android, HTC's Touch running Windows Mobile, and Nokia's N95 running Symbian.