Blackberry falls............
http://www.zdnet.com/blog/security/p...ad-attack/8401
The BlackBerry is a system no one knows anything about. We know there’s a browser and a Java virtual machine. We had to assume that once we take over the browser, we can get further into the system,” Iozzo said.
While planning the attack scenario, the researchers used a small information leakage bug to see small parts of the device memory and used that information to plot the way the exploit was laid out.
The team did not have to jump through any anti-exploit mitigation hoops (the Blackberry does not have ASLR or DEP) but Iozzo said multiple bugs had to be chained together to see how the attack code was communicating with the rest of the system.
iphone falls.....................
http://www.zdnet.com/blog/security/c...4-exploit/8378
Safari goes in 5 seconds....................The attack simply required that the target iPhone surfs to a rigged web site. On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.
http://www.networkworld.com/community/node/72070
IE 8 falls...............This year, the first to be quickly shamed was Safari on a Macbook Air. It involved a use-after-free flaw in the Apple browser and took only 5 seconds! Ars Technica reported, "French security firm VUPEN was first to attack the browser, and five seconds after the browser visited its specially-crafted malicious web page, it had both launched the platform calculator application (a standard harmless payload to demonstrate that arbitrary code has been executed) and wrote a file to the hard disk (to demonstrate that the sandbox had been bypassed)." VUPEN waltzed out with $15,000 and a new MacBook Air.
http://www.zdnet.com/blog/security/p...e_skin;content
Chrome remains strong as the contestant didn't show.Using three different vulnerabilities and clever exploitation techniques, Irish security researcher Stephen Fewer successfully hacked into a 64-bit Windows 7 (SP1) running Internet Explorer 8 to win this year’s CanSecWest hacker challenge.
Interesting. I am surprised that Blackberry got popped...........well not really.