Safari Falls in Pwn2Own Contest Despite Update

Even though Apple released a major security update for Safari, contestants participating the Pwn2Own event at the CanSecWest security conference managed to hack into the Web browser in short order. A team sponsored by the French security company Vupen won the MacBook Air they hacked along with US$15,000 for their efforts, according to Computerworld.

Safari Web BrowserSafari fell fast in Pwn2Own

The security update Apple released ahead of the hacking contest patched some 64 potential security flaws, but missed the one exploited by the Vupen team. That turned out to be good news for the team because they were attacking Safari 5.0.3, but if their exploit had been patched with the just released 5.0.4 update they wouldn’t have won the prize.

Peter Vreugdenhil from HP TippingPoint, the security firm that sponsors the contest, said they always locks in the browser versions they use ahead of the event, but take into account later updates that are released before the teams go hands-on at ConSecWest. “Exploit development does sometimes rely on certain versions and that is the reason we have frozen the devices,” he said.

Microsoft’s Internet Explorer quickly fell to its first hacking attempt, although Google’s Chrome Web browser is still holding up.