MacBook and Safari succumb to hackers

MacBook and Safari succumb to hackers

Summary: Charlie Miller came to Vancouver's CanSecWest security conference to defend his title in the PWN 2 OWN hacking contest. Last year Miller took home the MacBook Air and a $10,000 cash prize Thursday after breaking into the machine.

SHARE:

http://blog.wired.com/gadgets/apple_lock-1.jpgCharlie Miller came to Vancouver's CanSecWest security conference to defend his title in the PWN 2 OWN hacking contest. Last year Miller took home the MacBook Air and a $10,000 cash prize Thursday after breaking into the machine.

This year Miller's MO was the same, bring the target MacBook to its knees and pocket $10k (and the MacBook). Zero Day's Ryan Naraine explains that the details of the exploit aren't being released:

TippingPoint’s Zero Day Initiative has acquired the exclusive rights to the vulnerability and coordinate the disclosure and patch release process with Apple. Technical details of the vulnerability will not be released until a patch is ready.

Miller boasted “It took a couple of seconds.  They clicked on the link and I took control of the machine,” Naraine says that Miller planned to hack into Safari and tested the exploit carefully to ensure “it worked the first time.”

Naraine also notes that Safari also succumbed to hackers in another contest at the conference:

“Nils” also scored a clean hit against Apple’s Safari (he was the second hacker to exploit Safari) and, later in the afternoon, he exploited a Firefox zero-day flaw to claim the trifecta.

Picture: Wired.

Topics: Apple, Hardware, Laptops, Mobility, Operating Systems, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Java / Safari / Firefox / IE Succumb, NOT MacBook

    Another bogus article that failed to check facts.

    The MacBook & OSX were not compromised during this contest... only Java on various browsers IF the hacker was given FULL physical access to the machines.

    It's not a likely scenario, so just ignore this story.
    Pederson
  • RE: MacBook and Safari succumb to hackers

    Actually, you should probably check your own facts. Since the target is a browser exploit, which is the most common avenue of infection for consumers, they are allowed to supply a web page that the "user" of the PC browses to. That's it. There are NOT granted physical access to the PC. You fail.

    Also: Java installs only apply on day 2. All of them were hacked on Day 1. You fail again.

    The judges went to the web page the Miller created, per the rules, and Miller had complete control over the desktop in seconds.

    To be clear -- Mac isn't LESS secure than the others because it got hacked. They all fell. It might even be true that mac is "more secure" by virtue of having less total code to exploit as a result of being a smaller market. But people who claim macs are "inherently secure" just because they aren't yet a big enough target for people to do this on a massive scale... well... epic fail.

    flyyoufools