The third annual Pwn2Own competition has wrapped up recently, showing off some interesting events throughout the event. If you've been following the contest at Neowin, you may have seen Microsoft flaunting a very speedy response time to a bug, as well as Google's Chrome being the only browser to survive the first day. That's all well and good, but what else happened?
Firstly, none of the mobile devices at the competition were exploited. Why was this? According to the TippingPoint blog, "'Why?' Are mobile devices inherently more secure? It was a tough question to answer. I think there are a lot of barriers left to overcome in order to have a successful contest on these platforms, and too many reasons to list." Essentially, mobile devices have a limited amount of memory and processing power, so they can be exploited "but actually exploiting them is complicated and unpredictable."
Four new major flaws were discovered in the three main browsers tested; IE, Firefox and Safari. Following up from Chrome's first day of attack, the browser never suffered any major vulnerabilities. Apparently one flaw was found in it, yet any of the current known techniques are unable to exploit it. A small victory for Google, but remember Chrome is in early days still. As the blog mentions, the moment you patch one flaw in a browser new exploits are quickly discovered. It's this fact that powers these types of competitions, and rightly so.
This year's Pwn2Own was a great success and it's good that the fixes for the flaws are being worked on so quickly. Stay alert for this time next year, when the fourth Pwn2Own kicks off.
7 Comments - Add comment