MacBook Air falls in two minutes at PWN 2 OWN

The MacBook Air fell in two minutes at the CanSecWest security conference's PWN 2 OWN. According to Infoworld, Charlie Miller won the $10,000 pr

ize. Under the contest rules, organizers offered Sony Vaio, Fujitsu U810, and the MacBook as prizes. On day 1 no one won because they couldn't hack into the laptops with a zero day attack. The MacBook runs OS X 10.5.2. The Vaio runs on Ubuntu 7.10 and the Fujitsu runs on Vista Ultimate. Those two laptops are still standing, but that may be because there's more hacker glory in taking down the MacBook Air.

On Day 2, the rules are relaxed. Two minutes later Miller had his prize. Miller is the researcher behind the first iPhone hack.

Chatter on Twitter indicates that Miller's winning hack was a browser exploit. However, the Zero Day Initiative owns the code so details were sparse.

Ryan Naraine reports:

According to sources at the conference, Miller used an exploit against the Safari browser that ships standard with Mac OS X. Details of the vulnerability and the attack vector are now the property of TippingPoint's ZDI (Zero Day Initiative), the sponsor of the Pwn2Own challenge.

The Zero Day Initiative has confirmed the winner. In a post, ZDI said:

At 12:38pm local time, the team of Charlie Miller, Jake Honoroff, and Mark Daniel from Independent Security Evaluators have successfully compromised the Apple MacBook Air, winning the laptop and $10,000 from TippingPoint's Zero Day Initiative.  They were able to exploit a brand new 0day vulnerability in Apple's Safari web browser.  Coincidentally, Apple has just started to ship Safari to some Windows machines, with its iTunes update service. The vulnerability has been acquired by the Zero Day Initiative, and has been responsibly disclosed to Apple who is now working on the issue.  Until Apple releases a patch for this issue, neither we nor the contestants will be giving out any additional information about the vulnerability.