Safari used to hijack MacBook Pro at Pwn2Own 2011

A flaw in WebKit, the engine that underlies Safari, Mobile Safari, and several other browsers, was found to be vulnerable in this year's "Pwn2Own" competition, as reported by ZDNet and many others. This is noteworthy for several reasons: first, because the exploit did not use Flash. You will remember that last year's Pwn2Own winner stated "the main thing is not to install Flash" for browser security. Secondly, it is important because WebKit is used not only by Safari but several other browsers, notably several mobile browsers, although it is not immediately apparent whether this same bug could be exploited on a mobile platform. It's also possible that the exploit could make Windows and even Linux computers vulnerable if they are running a WebKit-based browser, but details are not fully known.

Computerworld noted that Google's $20,000 reward for anyone who could break into Chrome on opening day went unclaimed, as the contestant who had signed up did not appear at the Pwn2Own contest. It is unknown whether Google paid to have him assassinated (that's a joke folks, lighten up). Computerworld went on to note that according to the current schedule no one is even going to try to attack Chrome this year, meaning that it could survive a record three consecutive Pwn2Own contests. That is particularly surprising to me since Google Chrome includes its own version of Adobe Flash, but if you're looking to use the most secure browser out there, Google Chrome looks to be your browser of choice.

[via Slashdot]