Pwn2Own MacBook attack: Charlie Miller hacks Safari again
Summary: For the third year in a row, Charlie Miller has hacked into a MacBook by exploiting a critical Safari browser vulnerability.
VANCOUVER, BC -- For the third year in a row, Charlie Miller has hacked into a MacBook by exploiting a critical Safari browser vulnerability.
At the CanSecWest Pwn2Own hacker contest here, Miller performed a clean drive-by download against Safari to get a full command shell on the MacBook.
In the attack, Miller set up a special Web page with the exploit. Using Safari, a conference organizer surfed to the Web page and watched as Miller took control of the machine.
Details of the vulnerability are being kept under wraps until Apple releases a fix. TippingPoint Zero Day Initiative (ZDI), the contest sponsors, will handle the process of reporting the issue to Apple.
Miller, who uses fuzzers to find security vulnerabilities, is slated to deliver a conference presentation on fuzzing techniques against popular software products.
More to come...

Talkback
Hackers always go after low hanging fruit first
Apple cultist logic, the easiest mobile
phone to hack is the iPhone and the easiest
browser to hack is Safari. Makes me glad I don't
use either of those security sieves.
Great Point Except...
They say lottery but the iPhone came out first in line... which is
convenient for them from a publicity point of view...
Please see 2.1 {nt}
RE: Pwn2Own MacBook attack: Charlie Miller hacks Safari again
These are not hackers, they are security experts - are you that dumb
We are told this time and time again. So, using
Apple cultist logic, the easiest mobile
phone to hack is the iPhone and the easiest
browser to hack is Safari. Makes me glad I don't
use either of those security sieves.
Yet again you obviously miss the point and make outrageous claims.
Hackers go after the money.
Pwn2Own contestants are not hackers, they are the people who work
to stop hackers.
A bit like the difference between an Anti-Terrorism consultant and a
terrorist.
Terrorists blow people up, they go after those they wish to blow up,
and target those they can blow up easiest.
Anti-Terrorism consultants get paid big money to find ways to stop
the hard to reach targets from being hit.
So if this was a terrorism related competition, the big prize would be
to hit the target with the best security.
And this outcome would not validate any statements about the targets
of suicide bombers.
You are either a fool, or have an agenda in these statements, which is
it?
And your clever security threat assessment is clearly borne out by the
number of infected PCs, and the lack of infected Macs, isn't it?
You completely missed the point... by a country mile.
The point is - The bloody thing got HACKED. Period.
Yes, it's all very well and good that the folks who hack at CanSecWest are security researchers and not some Romanian or Russian bad guys who are out to build a botnet or some such. God help you guys if they weren't quite so honest.
You'd be making a royal mess in your undies if this stuff ever got out into the wild and got into a crimeware gangs' collective hands - AND if anyone in one of those gangs ever gave a flying fig about the Mac.
What's even worse... Apple released a slew of patches in the past couple of weeks that were all security related. And it STILL got pwned!
The bottom line of the article obviously didn't sink in all the way -
"At the CanSecWest Pwn2Own hacker contest here, Miller performed a clean drive-by download against Safari to get a full command shell on the MacBook."
That sounds to me a lot like ROOT level access. We keep hearing that's supposed to be impossible. And yet, it still happened.
lol wow
RE: Pwn2Own MacBook attack: Charlie Miller hacks Safari again
2) Charlie Miller explicitly claims to go after low hanging fruit. Search around and you won't find interviews with him hard to find.
3) The reason they go after the low hanging fruit is that there is money in finding an exploit (again this based on interviews with the contestants) and they save their best exploits for where they can get money.
4) There have been successful in-the-wild attacks against Macs and Linux. Many years ago a guy challenged the world by putting a fully patched Mac outside a firewall and challenged the world to hack it. It fell within 30 minutes.
5) Macs are not as interesting targets because Apple really doesn't do servers and servers are the primary targets of hacks.
6) BSD, on which OS-X is based, was found to have a back door that went unnoticed for over a year.
"Hacker exploits IE8 on Windows 7 to *win* Pwn2Own" so yes you're right.
You're awfully quiet on that thread. Wonder why.
good catch, you found an incorrect title
http://blogs.zdnet.com/security/?p=5836
That is why Windows 7 fell the fastest.
and Windows 7 (64 bit).
Yep, lowest hanging fruit did win.
Quote you Bruizer, "Yep, lowest hanging fruit did win."
http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010
Here are the results, in order:
1. PWNED! Vincenzo Iozzo and Ralf Philipp Weinmann - iPhone
2. PWNED! Charlie Miller - Safari
3. Nils - Safari (Prize Claimed)
4. PWNED! Peter Vreugdenhil - Internet Explorer 8
5. MemACCT - Internet Explorer 8 (Prize Claimed)
6. Anonymous - Nokia
7. Anonymous - iPhone (Prize already won)
8. PWNED! Nils - Firefox
Competition Results (still in progress)
Vincenzo Iozzo and Ralf Philipp Weinmann succeeded in exploiting the iPhone in the first time slot. They exploited a 0day Safari vulnerability with a payload which retrieved the text messages from the device.
As the luck of the draw would have it, Nils on Safari, MemACCT on IE 8 and Anonymous on iPhone lost their time slots as the prizes had already been claimed. Their vulnerabilities are still eligible for submission through the Zero Day Initiative.
Published On: 2010-02-15 16:41:27
Incredible the FUD+BS Apple zealots spew... But it only works on imbeciles.
Like you say Bruizer: "Yep, lowest hanging fruit did win".
~~~~~~~~~~~
The game of life is the game of boomerangs. Our thoughts, deeds and words return to us sooner or later, with astounding accuracy.
~ Florence Scovel Shinn
Fell the fastest...
first. Perhaps you didn't read the rules you linked to?
Safari Easier to Hack Than IE8
It's not how quickly the exploit acts that determines how secure a system is, it's how hard it is to write the exploit that hacks the system.
But why burden yourself with facts when uninformed opinion is much more aligned with your personal views.
er, miller does this for a living...
against his 1 week exploit as opposed to 2 weeks from someone coming
at this fresh then?
er, so does Vreugdenhil...
But again, please feel free to twist the facts around to fit with your point of view.
How wrong can one guy be?
Look in the mirror and ask yourself...
If it takes a carpenter two days to build one table and four days to build another, the second table was, by definition, harder to build. The same applies here.
Not the same carpenter
another, the second table was, by definition, harder to build."
But this was not A carpenter. This was 2 different carpenters.
You can't compare because you have no idea of the relative skills of the
two programmers.
Not necessarily, since...
two-pronged attack simply for the speed, since his single attack
could have done the job alone. He also stated that he added
eye-candy to the attack for entertainment purposes.
What's worse, Windows 7 fell twice, once with IE8 and again with
Firefox. Where is Windows' vaunted security?