Pwn2Own 2011, a 3 days hackers extravaganza, has just concluded in Canada. So, now is the time to take toll of fallen heroes and to
see if any browser or software platform survived the wrath of hackers. This year, the contest also allowed the participants to target mobile phones. Browser giant Internet Explorer and Safari fell on the very first day. Safari 5.0.3 was brought down to its knees by French security firm VUPEN. Ostensibly, the French firm took only 5 seconds to crack Safari. The first day's second casualty was Internet Explorer 8, 32 bit version. IE8 was exploited by Stephen Fewer of Harmony Security.
Day 2 of the contest was devoted to mobile phone exploits. Just like its desktop counterpart, even the mobile Safari did not put much resistance and was easily hacked by Security researchers Dion Blazakis and Charlie Miller for gaining access to the address book of iPhone 4, running on iOS 4.2.1. Similarly BlackBerry Torch 9800 was hacked using its WebKit vulnerability. Day 2 was also meant for testing Android, Windows Phone 7 and Firefox. But the researchers chosen for Windows Phone 7 and Android simply did not show up, whereas Firefox tester withdrew citing the instability of his exploit.
Google had been pretty lucky this time. The company had offered special prize for anyone uncovering the security flaw in its browser Chrome. However, the researchers selected for the browser were a no-show at the contest. Similar thing happened in the case of Android Operating system, which was scheduled for Day 2. Interestingly, both Apple and Microsoft have released patches for the various security holes in the browser versions used in this contest, but the vulnerabilities which were exploited by the contestants are still uncovered.