Last week, Apple released iTunes 10.2 update patching number of Vulnerabilities in WebKit, the Web-rendering engine that powers Safari & the iTunes Store. According To French security firm VuPen, Apple plans to add patches to Safari browser before the hacking competition Pwn2Own 2011 at CanSecWest commences.
In the security update for iTunes 10.2, Apple made note of 50 Separate Vulnerabilities related to memory corruption issues. Those issues “could enable a man-in-the-middle attack while browsing the iTunes Store, which could lead to “unexpected application termination or arbitrary code execution.”
However, security researcher Charlie Miller, known for pwning Safari browser for the last 3 years, does not think that this critical patch will stop him to crack Apple’s flagship browser for the fourth time.
“In years past, when I was first in line in the contest, I was very nervous that my vulnerability would get patched before the competition. Sometimes I sat on the vulnerability for an entire year waiting for the contest and I would have been sad if it got patched at the last second,” Miller said. “This year, for Safari, I’m fourth or fifth in line to try, so I don’t think it will affect me. At least one of those [other] guys will have their [vulnerability] not get patched or else the patch is so massive, it’ll probably patch mine too.”
In the fifth annual Pwn2Own contest, Hackers will have a chance to compromise IE8, Safari 5, Firefox 3, and Chrome 9 running on the latest hardware. Winners would have a chance to take away cash prizes worth $125,000, laptops, including a 13″ MacBook Air for the hacker who pwns Safari. This time the range of mobile device to be hacked has been increased to 4: Dell Venue Pro, iPhone 4, Blackberry Torch 9800 OS 6.0 and android OS based Nexus S. Via Ars
0 comments:
Post a Comment