Pwn2Own 2011: On cue, Apple drops massive Safari, iOS patches

VANCOUVER -- With obvious eyes on this year's CanSecWest Pwn2Own hacker challenge, Apple today dropped two major security updates for Safari and iOS to fix more than 60 vulnerabilities that could be used to hijack Windows, Mac OS X or iPhone/iPod Touch devices.

The patches arrive on the same day as the annual contest, which pits vulnerability researchers and exploit writers against the major web browsers and smart phones. Apple has now followed Google and Mozilla in releasing browser updates ahead of Pwn2Own.

The new Apple Safari 5.0.4 fixes a total of 62 documented vulnerabilities, most serious enough to allow code execution attacks if a user simply surfs to a booby-trapped web site.   The majority of the vulnerabilities are in WebKit, the open-source browser rendering engine.

The Safari update also fixes multiple gaping holes in ImageIO and libxml.

Separately, Apple shipped iOS 4.3 to fix a wide range of serious security issues. The most serious of the iOS flaws could be used to take control of Apple's iPhone devices with maliciously crafted fonts, images or web sites. Full details on the iOS 4.3 update are available here.

Apple's latest patches are unlikely to be a deterrent to some of the researchers planning to participate in Pwn2Own.

Earlier today, Charlie Miller (of Pwn2Own/Safari fame) showed me an iPhone 4 exploit that steals the victim's address book via a rigged web site.   Miller said the latest batch of patches from Apple does not fix the issue.

In addition to Miller, there are at least two other teams planning iPhone attacks and four different teams planning to hit Safari on Mac OS X.

Also read Dennis Fisher's essay on the importance of the Pwn2Own challenge.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
