Bekrar’s winning exploit did not even crash the browser after exploitation. Within five seconds of surfing to the rigged site, he successfully launched the calculator app and wrote a file on the disk without crashing the browser.

The exploit bypassed ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention), two key anti-exploit mitigations built into Mac OS X.

“The victim visits a web page, he gets owned. No other interaction is needed.”

Just to balance CC

Safari/MacBook first to fall at Pwn2Own 2011
clicky





and he won 15k plus a mac book air.

Apple issued the Safari 5.0.4 yesterday and also some Java Updates to address security issues. I wonder if they intentionally didn't download these before they started? Not that this makes it OK, as there must have been vulnerabilities there before these patches, but Apple's release date implies that they were issued because they knew this event was coming this week. I wonder if they were using Safari 5.0.4 or the older 5.0.3?

The hijacked machine was running a fully patched version of Mac OS X (64-bit)

Vupen previously wrote about the Safari patch on its Twitter feed. It said, "This breaks some exploits, but not all!"

Charlie Miller said that he also has an exploit for Safari up his sleeve, but that he didn't get to demonstrate it because the order of contestants to demonstrate their exploits is decided by a draw; VUPEN were drawn to appear first. However, Miller's exploit reportedly still functions in the updated version – whether the expert will save it for next year's Pwn2Own is unknown.