October 22, 2016

Google Chrome Browser First to Fall at Pwn2Own 2012

(LiveHacking.Com) – Google spends a lot of time, effort and money on making Chrome as secure as possible. However, software can never be 100% secure. This was proved during this year’s CanSecWest Pwn2Own hacker contest, where Chrome was the first browser to fall to the hackers.

A team of French hackers from VUPEN, which sells vulnerabilities and exploits to government customers, took down Chrome with an impressive set of exploits. VUPEN co-founder and head of research Chaouki Bekrar and his team attacked Chrome via a pair of zero-day vulnerabilities to take complete control of a 64-bit Windows 7 PC with all the latest Microsoft patches applied. The team worked for six weeks prior to the competition to find the vulnerabilities and write the exploits.

In an interview, Bekrar said “We had to use two vulnerabilities. The first one was to bypass DEP and ASLR on Windows and a second one to break out of the Chrome sandbox.”

According to Bekrar, who declined to say whether any of the exploits targeted third-party code (such as Adobe Flash), the exploit used a use-after-free vulnerability in the default installation of Chrome. To launch the hack, the team created a web page booby-trapped with the exploit code. Once the target page was opened in Chrome, the exploit ran and launched the Calculator (calc.exe), demonstrating that the exploit had bypassed Chrome’s sandbox and had direct access to Windows.

The most controversial aspect of all this is that VUPEN will sell the rights to one of the zero-day vulnerabilities, but the company says it won’t give up the sandbox escape and instead intends to keep it private for its customers. This goes against the whole ethos of security research and full disclosure.

VUPEN isn’t only targeting Chrome; the company says it also has exploits for Microsoft Internet Explorer, Apple Safari and Mozilla Firefox.

Apple Releases OS X 10.6.7 And Fixes Pwn2Own Vulnerability

Apple has released OS X 10.6.7, a maintenance release of the “Snow Leopard” Mac operating system, together with a security update for OS X Leopard (10.5). On the security front, 10.6.7 and Security Update 2011-001 for 10.5 essentially deal with the same issues. OS X 10.6.7 also adds some minor new functionality to OS X Snow Leopard.

At the heart of these updates are patches for the vulnerabilities recently demonstrated at Pwn2Own, the annual hacking contest where the winners receive the device or computer that they successfully hacked plus a cash prize. During this year’s contest (held in early March), Charlie Miller used an exploit in the iPhone 4’s built-in Safari browser to surf to a specially created web site hosting a Microsoft PowerPoint document. Opening the document allowed Miller to hijack the iPhone. However, it has now been revealed that this vulnerability was not limited to iOS but also exists in OS X.

The full list of security fixes in 10.6.7 is quite long, but the highlights are:

  • AirPort – When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset
  • Apache is updated to version 2.2.17 to address several vulnerabilities, the most serious of which may lead to a denial of service
  • CoreText – Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
  • HFS – A local user may be able to read arbitrary files from an HFS, HFS+, or HFS+J filesystem
  • ImageIO – Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • ImageIO – Viewing a maliciously crafted image may result in an unexpected application termination or arbitrary code execution
  • Kernel – A local user may be able to execute arbitrary code with system privileges
  • PHP is updated to version 5.3.4 (5.2.14 on OS X 10.5) to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution
  • QuickLook – Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution

10.6.7 also adds some minor improvements / features including:

  • Includes Safari 5.0.4.
  • Includes RAW image compatibility for additional digital cameras.
  • Improves brightness on external displays and projectors.
  • Includes the ability to repair certain issues that may prevent hardware RAID volumes from mounting.