Pwn2Own Articles on TUAW - The Unofficial Apple Weblog

Safari exploit used to gain control of iPhone at Pwn2Own

by Kelly Hodgkins (Sep 20th, 2012)

A team of Dutch researchers used a WebKit vulnerability in Mobile Safari to gain access to a fully patched iPhone 4S during a recent mobile Pwn2Own challenge. The attack circumvented Apple's code-signing requirements and grabbed the entire address book, photo and video database and web browsing ...

Safari used to hijack MacBook Pro at Pwn2Own 2011

by TJ Luoma (Mar 10th, 2011)

A flaw in WebKit, the engine that underlies Safari, Mobile Safari, and several other browsers, was found to be vulnerable in this year's "Pwn2Own" competition, as reported by ZDNet and many others. This is noteworthy for several reasons: first, because the exploit did not use Flash. You will ...

iPhone hacked at Pwn2Own contest

by Mike Schramm (Mar 24th, 2010)

An iPhone got hacked in just 20 seconds at this week's Pwn2Own hacking contest at CanSecWest 2010, reports Ryan Naraine for ZDnet. Hackers Vincenzo Iozzo and Ralf Philipp Weinmann demoed an exploit that allowed them to send a target iPhone to a web site that they'd set up online, and then copied ...

Browser security: "The main thing is not to install Flash!"

by TJ Luoma (Mar 2nd, 2010)

You may have noticed that I'm not a huge fan of Flash. My feelings pre-date the iPhone/iPad debate about whether or not Flash should be included on those devices. Even back when I was using Windows and Opera, one of the features I used most often was "Disable Plugins" -- which was really another ...

MacBook Air knocked out quickly in CanSecWest contest

by Michael Rose (Mar 28th, 2008)

Once the second-day rules went into effect for the PWN2OWN competition, allowing browser or email exploits to be used, it didn't take more than a few minutes for Charlie Miller, Jake Honoroff and Mark Daniel from ISE to get their 0day vulnerability to work on the target MacBook Air; they walk away ...