Charlie Miller (right), the security researcher who won last year’s Pwn2Own hacker contest, is predicting that Apple’s Safari browser will be the easiest target this year.
In a note posted on the popular Daily Dave mailing list, Miller describes Safari as “easy pickin’s” and forecasts that at least four zero-day Safari flaws will be used during the contest at CanSecWest later this month.
September 2, 2016 , 10:00 am
August 10, 2016 , 11:00 am
August 8, 2016 , 9:00 am
This year’s contest will pit hackers against browsers and smart phones with Internet Explorer, Firefox, Safari, Opera and Chrome among the high-profile targets. It will also include attacks against fully patched BlackBerry, Android, iPhone, Symbian and Windows Mobile phones in their default configurations.
Here are Miller’s predictions:
Safari: hacked by 4 different people. Easy pickin’s as usual.
Android: hacked by 1 person. Not too tough but no one owns one.
IE8, Firefox: Survive unscathed. The bugs to exploit equation is too hard for $5k.
iPhone, Symbian: Survive due to non-executable heap.
Blackberry, Windows Mobile, Chrome: I don’t know enough to say anything intelligent. That said, they’re probably hard/obscure and so survive.
TippingPoint ZDI has more information on the rules and targets for this year’s contest.