Contestants At Pwn2Own Take Down Safari But Said Os X Security Is Better Than Other Systems

The team took home a $40,000 bounty for their efforts on Safari, as well as a share in a $75,000 prize for co-engineering a zero-day Flash exploit. They say they will donate some of their winnings towards charities representing missing Malaysian Airplane passengers.

The group say that for Safari, they used two different exploit vectors. One vulnerability was a heap overflow in WebKit that enabled arbitrary code execution. The team then used this opening to use another exploit to bypass the application sandbox and run code as if it was user privileged.

According to Chen, one of the pair who represented the Keen Team at Pwn2Own, the WebKit fix is will be easy for Apple to resolve although the sandbox exploit may be harder.

That being said, Chen believes that OS X offers better security than its rival operating systems.

In a separate interview with CNET, Chen said that despite the locked-down nature of iOS, Apple’s mobile OS is usually easier to target than OS X because Apple implements newer security safeguards more quickly on the desktop platform.

As usual, Apple representatives observed the exploits at the event so fixes for the issues will likely appear bundled into future software updates for iOS and OS X.