To exploit IE8, Fewer bypassed Protected Mode, said Aaron Portnoy, manager of TippingPoint's security research team and the organizer of Pwn2Own for each of its five years. Protected Mode is Microsoft's name for the sandbox-like anti-exploit technology designed to isolate the browser from the operating system and the rest of the computer.
Vupen, which was waiting in the wings in case Fewer failed, did not get a chance to try its luck against IE8.
Microsoft, which has engineers from its Microsoft Security Response Center (MSRC) at the Canadian contest, said it was already on the case.
"Our top security researchers are already investigating the IE exploit used in the Pwn2Own contest," the MSRC team said via Twitter Wednesday afternoon.
Earlier this week, Microsoft had said it had not updated IE -- as Apple, Google and Mozilla all did in the days leading up to the contest -- because the move would have been too disruptive to customers.
As Jerry Bryant, a group manager with MSRC, pointed out Tuesday, TippingPoint reports the vulnerabilities exploited at Pwn2Own to vendors, who have six months to fix the flaws before TippingPoint goes public with any technical information. Thus, there is little danger of any exploited bug falling into cybercriminals' hands.
In an interview after the day's activities wrapped up, TippingPoint's Portnoy said that Firefox had been rescheduled for Thursday and that the researchers who had earlier committed to tackling Chrome had either not shown up or had decided to focus on RIM's BlackBerry smartphone.
The four smartphones will be subjected to attack Thursday, Portnoy said.
Pwn2Own's smartphone track features devices running Apple's iOS, Google's Android, Microsoft's Windows Phone 7 and RIM's BlackBerry OS. TippingPoint will award $15,000 for the first hack of each of the smartphones.
Sign up for Computerworld eNewsletters.