Apple's Safari browser was the first to be broken at this year's pwn2own contest at the CanSecWest conference in Vancouver.
Safari, being run on a fully patched Mac OS X, was exploited by vulnerability research company Vupen. It said on its Twitter feed that it ‘pwned Apple Safari on Mac OS X (x64) at pwn2own in five seconds. Congrats to all Vupen team members for their hard work'.
It previously commented that Apple had released Safari 5.0.4 and iOS 4.3 a few minutes before the pwn2own contest, yet it was able to break the up-to-date software by successfully exploiting a zero-day flaw. Vupen won a £15,000 cash prize and a 13-inch MacBook Air for winning the contest.
Shortly afterwards, Stephen Fewer from vulnerability research and consultancy company Harmony, tweeted that he had ‘just popped ie8 at pwn2own'. Fewer received a laptop and a $15,000 cash prize for his efforts.
Aaron Portnoy, manager of the security research team at Pwn2Own sponsor HP TippingPoint, pointed out that Fewer had successfully compromised Internet Explorer with a Protected Mode bypass switched on.
Technical details of the exploits legally belong to HP TippingPoint under contest rules; they provide information to Microsoft and Apple and give them six months to fix the flaws before publicising them.