Pwn2Own claims RIM, Microsoft, Apple

(Pawn bokeh image by Alan Cleaver, CC2.0)

Today, RIM paid the price for adding a WebKit browser to its BlackBerry phones, as Ralf Philipp Weinmann, Vincenzo Iozzo and Willem Pinckaers launched a successful drive-by download attack on the BlackBerry Torch 9800 following a run of trial-and-error attempts.

The hack, which won them the BlackBerry portion of the competition, might just see RIM introduce the absent Data Execution Prevention and Address Space Layout Randomisation into the phones. Iozzo and Pinckaers also won a US$15,000 prize last year for hacking into an iPhone.

Notorious Apple exploiter Charlie Miller this year hacked into an iPhone 4 and stole its contacts by exploiting a Mobile Safari flaw. Miller took home US$10,000 for hacking into a fully patched MacBook at Pwn2Own 2009.

Microsoft's Internet Explorer and Apple's Safari also fell to some impressive hacks. Safari was owned on a fully patched 64-bit Mac OS X, while Windows fell on a 64-bit Windows 7 box running Service Pack 1.

Google's Chrome and Mozilla's Firefox prevailed, which means Google got to keep the US$20,000 prize it had offered to anyone who broke its browser's sandbox to compromise a Windows 7 machine.

Mozilla, Google and Apple had all pushed out some serious updates days before the event.

Security reporter Ryan Naradine from ZDNet Australia's United Sates sister site is reporting from the conference.

ZDNet Pwn2Own coverage:

• Charlie Miller wins Pwn2Own again with iPhone 4 exploit
• Safari/MacBook first to fall at Pwn2Own 2011
• Pwn2Own 2011: IE8 on Windows 7 hijacked with three vulnerabilities
• Google Chrome gets last-minute bandaid before Pwn2Own
• Apple ships fix for critical Java for Mac vulnerabilities
• Pwn2Own 2011: on cue, Apple drops massive Safari and iOS patches