Safari and IE8 Were the First to Fall at Pwn2Own

Apple's Safari browser was the first to fall at the annual Pwn2Own hacking contest taking place at the CanSecWest conference in Vancouver.

Every year, Pwn2Own sees security experts and hackers attempt to hack into machines by exploiting vulnerabilities in the computers' browsers. This year, both Apple and Google released last minute updates before the competition started. Despite this, Safari was the first to fall. Ars Technica reports that VUPEN, a French security company and the first to take a shot at Apple's browser, had gained control of the fully-patched Mac OS X 10.6.6 MacBook five seconds after the browser visited its specially-crafted web page. Despite Apple's update to Safari, the exploit still worked in version 5.0.4.

Next to go was Internet Explorer, which didn't receive an update prior to the competition. Stephen Fewer of Harmony Security managed to beat the 32-bit version of Internet Explorer 8 running on 64-bit Windows 7 Service Pack 1 using three separate vulnerabilities. Two of these were to achieve successful code execution within the browser, with the third being needed escape IE's Protected Mode sandbox. Fewer told Ars that it took him five to six weeks to put together the attack.

The hacker scheduled to take on Google’s Chrome on a Cr-48 Chrome OS notebook was a no-show.

Read more about the exploits and the hackers that beat Safari and IE8 on Ars Technica.