FORTUNE -- Everybody's Web software got "pwned" at the Pwn2Own hackers conference this week: Apple's (AAPL) Safari, Google's (GOOG) Chrome, Microsoft's (MSFT) Internet Explorer, Mozilla's Firefox and Adobe's (ADBE) Reader and Flash.
Chrome was hacked by a French team from Vupen Security with a use-after-free vulnerability that affects both the WebKit and Blink rendering engines.
Safari was defeated by Liang Chen, one of a pair Chinese Keen Team hackers, using a heap-overflow-and-sandbox-bypass combination that took three months to perfect.
"For Apple, the OS is regarded as very safe and has a very good security architecture," Chen told ThreatPost's Michael Mimoso. "Even if you have a vulnerability, it's very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems."
In a separate interview with CNET, Chen said that OS X is harder to attack than iOS 7.0 because Apple issues security updates for its desktop operating system more frequently than for its mobile OS.
The two-day event, sponsored by Hewlett-Packard (HPQ) and organized by the HP-owned Zero-Day Initiative, paid out $850,000 in prize money to eight teams of competitors, plus another $82,500 in charitable donations. The event was staffed by observers from Apple and the other companies, which will presumably now start patching those holes.
"I think the Webkit fix will be relatively easy," Chen told Mimoso. "The system-level vulnerability is related to how they designed the application; it may be more difficult for them."
CORRECTION: An earlier version of this story had the prize money wrong. Keen Team won $62,500 for pwning Safari and another $75,000 for an Adobe Flash exploit for a total of $137,500. Source: Pwn2Own 2014: Rules and Unicorns
There were several $10,000 prizes at stake -- as well as some free mobile phones -- but at the end of the three-day Pwn2Own smartphone hacking contest at the big CamSecWest conference in Vancouver, British Columbia, which closed on Friday, none of the devices had been cracked.
The contest, sponsored by 3Com's (COMS) TippingPoint computer security division, pitted some of the world's sharpest hackers and computer security experts against five smartphones: MOREPhilip Elmer-DeWitt - Mar 21, 2009 12:28 PM ET
How secure is your smartphone? We may find out next month.
Hackers and computer security experts gathering on March 18 in Vancouver, British Columbia, for the third annual Pwn2Own contest will be targeting five smartphones: an Apple (AAPL) iPhone, a Research in Motion (RIMM) BlackBerry and phones running on Google's (GOOG) Android, Microsoft's (MSFT) Windows Mobile and Nokia's (NOK) Symbian operating systems.
The contest, sponsored by 3Com's (COMS) TippingPoint computer security division, MOREPhilip Elmer-DeWitt - Feb 26, 2009 12:43 PM ET
|Regulators pave way for Internet "fast lane" with net neutrality rules|
|GM's $1.3 billion recall cost wipes out profit|
|Taxpayers are subsidizing CEO pay - The Buzz|
|Coffee prices skyrocket after Brazil drought - The Buzz|
|Female gun instructors in hot demand|