Pwn2Own hackers reveal iOS Safari and Samsung Galaxy S4 security holes




expertreviews.co.uk-siena -
Hackers at the Mobile Pwn2Own 2013 event in Japan have revealed security holes in Apple's Safari browser and some Samsung Galaxy S4 smartphone apps.

In a Zero Day Initiative contest, which is being hosted by HP together with competition co-sponsors Google and Blackberry, hackers were awarded $67,500 for the disclosure of multiple 0-day vulnerabilities and exploit techniques in the Safari browser and Samsung mobile applications.

Two teams in the competition from China and Japan demonstrated the security exploits.

In the mobile browser category, Keen Team, a group of security researchers from China, demonstrated two exploits on the iPhone 5 and won $27,500. They first demonstrated an exploit against the Safari browser running on iOS 7.0.3, followed by another exploit on Safari running on iOS 6.1.4. These exploits allow a remote attacker to exfiltrate the cookie database and photos from Apple’s iPhone.

Japan’s Mitsui Bussan Secure Directions,. demonstrated an exploit that leveraged vulnerabilities against several applications that are installed by default on the Samsung Galaxy S4. Combined, these bugs allow the silent installation of a malicious application and the theft of sensitive user data including SMS messages, contact list and web browsing history. This successful attack netted the hackers $40,000.

"We are excited to bring Pwn2Own to Japan to see the breadth of research from across the world, including exploits which reveal techniques that can help internal security teams improve their mitigations," an HP spokesman said.


Andoid Games

No comments:

Post a Comment