
MacBook attacked through security hole in Safari web browser

The two-day "PWN to Own" hack-a-Mac contest, organized by CanSecWest in Vancouver, British Columbia, gave competitors a venue to show off their hacking talents.  One team stood up to the challenge and managed to exploit the Mac in 9 hours.  Shane Macaulay, a software engineer, won the very MacBook that he exploited through a zero-day security hole in Apple's Safari browser.

Macaulay's attack on the MacBook came with the aid of Dino Dai Zovi, a security researcher who had been previously credited by Apple for finding flaws in the company's software.  In a telephone interview with CNET, Dai Zovi stated, "The vulnerability and the exploit are mine.  Shane is my man on the ground."  According to the CanSecWest website, there is an exploitable flaw in Safari which can be triggered within a malicious web page.

Apple spokeswoman Lynn Fox gave the usual comment on Mac security: "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users."

The hack-a-Mac contest consists of two MacBooks set up with their own access point and all security updates installed, but without additional security software.  Contestants can connect to the computers through the access point via Ethernet or Wi-Fi.  According to the website, the challenge has two parts: finding a flaw that allows the attacker to get a shell with user-level privileges, then doing the same and also getting root.

The second OS X box did not get exploited by the second and last day.



Comments

Well....
By Korr on 4/23/2007 8:11:07 PM , Rating: 2
...at least it took 9 hours, LOL.




RE: Well....
By Bonrock on 4/24/2007 1:08:29 AM , Rating: 5
Nine hours to discover a security flaw and write code to exploit it is really not that long. Compare that to Windows Vista, for example. Hackers have been banging on that thing since it was released to businesses in November, and in those five months, they've only found one critical zero-day vulnerability.

But wait, that can't be right--after all, I heard somewhere that Macs are more secure than Windows.


RE: Well....
By Scott66 on 4/24/2007 1:49:45 AM , Rating: 2
As it says in the article, the successful hacker was standing on Dino's shoulders thanks to his months of work. It is real hard to email and get the answers. The successful hacker didn't even have to create the webpage that contained the code to activate the virus.

This means the hacker would need to read the donated web page's code and see what the virus can exploit and then ask the expert how he did it. 9 hours


OSX flaw
By jimmiwalker on 4/24/2007 6:05:20 AM , Rating: 2
Well, I don't really see why it's not an OSX flaw that you can exploit the OS through Safari. That means you can hack the whole system if anything is flawed. E.g. in Vista, applications run with minimal rights, so you achieve basically nothing by exploiting a browser. Isn't that the way to go for OSX? Why does a browser need more rights than accessing its own config files?




RE: OSX flaw
By Hare on 4/24/2007 6:32:27 AM , Rating: 1
Mac OS X has had advanced user permissions since day one (6 years ago) just like Vista, except OS X requires password confirmation for admin tasks (unlike Vista, where you just click "ok"). Mac OS X is basically a Unix/BSD system with a nice GUI so it's pretty robust.

They didn't get root access so they were only able to execute basic user-level commands. That's enough to read file contents and delete files etc. Not enough to really "nuke" the computer.


RE: OSX flaw
By archermoo on 4/24/2007 11:30:27 AM , Rating: 2
quote:
Mac OS X has had advanced user permissions since day one (6 years ago) just like Vista, except OS X requires password confirmation for admin tasks (unlike Vista, where you just click "ok").


Not quite true for Vista. Or I should say only true if you are logged in as an account that is in the Administrators group. If you are logged in as a normal user you have to provide the username and password of an account with Admin access.


Apple = waste of money
By KeypoX on 4/24/2007 7:16:46 AM , Rating: 2
Why is it so "cool" to like Apple? Do the commercials really sway you guys that good? I think Apple sucks unless all you want to do is browse the internet, then fine, it works. But other than that, what is the point? All my professors use Apples and it's so funny, they always have compatibility problems and say something on the lines of 'stupid PCs'. That is so funny, they blame the PC for not working for their Office that is ported to their Mac. Anyways, most people who use Macs are the same people that go to Starbucks and are so fcking smug.

Oh the biggest point mac = low performance for a high price. But it looks so pretty




RE: Apple = waste of money
By dare2savefreedom on 4/24/2007 4:52:56 PM , Rating: 3
Why are you asking?

You are talkin to the people who buy books by their covers.

In other words - illogical people.

"All my professors" - exactly : those that can do, those that can't teach

It's all about business. Think (I know you're not a mac user so this is possible) about it:
who would you rather sell to? Elite PC user (think arnold swatz in commando) who will minimize the fat prophet you can milk from them, or stupid noob mac user (think dumb and dumber) that doesn't know mouse button 1 from 2? That won't even know the difference between forced upgrades and valid upgrades, that don't even know that their entire computer was taken over so they can't sue. Whom you can overcharge because they don't know they've been ripped off.

Who do you want to milk?

Milk the wolf or milk the cow?


ummmm
By gorgeousgeorge on 4/24/2007 7:10:35 AM , Rating: 2
Linux?....




Instead of fanboyism or bashing the OS...
By daftrok on 4/24/07, Rating: -1
RE: Instead of fanboyism or bashing the OS...
By Hare on 4/24/2007 2:41:42 AM , Rating: 4
There is no such thing as a best browser. Everyone has different needs and some browsers fulfill those better than others.

My personal choice is Firefox because I can easily extend it to make my browsing experience better (extensions). It also has brilliant tools that I use everyday (web developer toolbar) etc. Being open source is just frosting on the cake.

Safari and Opera are also good browsers and IE7 is the first MS browser that actually seems to work properly (box-model etc). As a web developer I'm anxiously waiting for the moment when IE6 gets under a certain user percentage so that I can stop supporting it (IE6 always requires special hacks to get along with real browsers -> more work).


By swatX on 4/24/2007 3:42:04 AM , Rating: 2
Thank you for explaining it clearly that THERE IS NO BEST BROWSER!

Everybody has their own needs and I prefer IE 7. I must say, till now I haven't got any viruses and such. Probably because I know how to protect my computer with just mouse clicks.


By mlau on 4/24/2007 4:18:24 AM , Rating: 2
w3m of course :)
It doesn't do any of the things that make the other browsers
exploitable. I consider a website to be well made if it
displays well in w3m. Javascript/Ajax/DHTML and all that
other humbug, who needs those things?

:)


"Hacking" eh?
By THEiNTERNETS on 4/24/07, Rating: -1
RE: "Hacking" eh?
By James Holden on 4/24/2007 1:29:42 AM , Rating: 5
quote:
2) The exploit they did use was in Safari. So maybe we should call this deadline "hacking Safari."

Because Safari works so well on Windows.

quote:
3) Since when did "hacking" become emailing a link to a malicious webpage which the user then has to click on? Seriously guys? Seriously!?

You're right! Apple should stop fixing these "bugs" since it's not really a hack!

quote:
How many IE or Firefox flaws exist that allow you to do this to a Vista or XP machine?

None, since someone fixed them already.

quote:
Hacking a Macbook should mean taking control away from the user just by them being on the unsecured WiFi...

Someone already did that hack.
http://blog.washingtonpost.com/securityfix/2006/08...

quote:
Those types of attacks were the REAL security flaws to be nervous about in XP.

So why didn't they get fixed on the Apple? Hubris?


RE: "Hacking" eh?
By Scott66 on 4/24/2007 1:42:14 AM , Rating: 1
That mac wifi exploit could only work if the mac user decided it would be a good idea to connect to a different non preferred network.

The hacker couldn't take over the wi-fi connection. He had to wait until the user handed him the control.

This is all mute because this has been fixed by both mac and windows. I do remember the apple was fixed first.


RE: "Hacking" eh?
By James Holden on 4/24/2007 2:10:12 AM , Rating: 2
quote:
This is all mute because this has been fixed by both mac and windows. I do remember the apple was fixed first

I'm not one to correct grammar usually, but the word you're looking for is *moot*


RE: "Hacking" eh?
By MonkeyPaw on 4/24/2007 7:40:52 AM , Rating: 2
Yeah, just think back to the movie "Office Space" and Tom's "Jump to Conclusions" mat. "Moot" is one of the "conclusions" that you can jump to. No kidding, that's how I learned the word "moot." :)


RE: "Hacking" eh?
By Scott66 on 4/24/2007 11:06:49 AM , Rating: 2
I apologize for using the wrong word. What I did though is not a grammatical mistake but a homonym error. At least I tried to use the right word. If you wish to point out the flaws in others, don't make one yourself.


RE: "Hacking" eh?
By OCedHrt on 4/24/2007 3:38:02 AM , Rating: 4
Did you even read the article?

"...this attack can be carried out whether or not a vulnerable targeted laptop connects with a local wireless network. It is, they said, enough for a vulnerable machine to have its wireless card active for such an attack to be successful."

Of concern is that on Windows, device driver updates are not automatically installed by Windows Update.


RE: "Hacking" eh?
By Hare on 4/24/2007 2:33:17 AM , Rating: 2
quote:
How many IE or Firefox flaws exist that allow you to do this to a Vista or XP machine?
quote:

None, since someone fixed them already.


Really? You couldn't be more wrong:

Close to 20% of Secunia's over 100 vulnerabilities are reported unpatched. Even with the latest vendor patches there are "moderately critical" vulnerabilities around waiting to be exploited. 15% of all vulnerabilities have been "extremely critical". 36% have given system access!

Don't make up "facts" because there are people who will always check them. You will only end up looking like a fanboy (or a pointless Apple hater).

http://secunia.com/product/11/?task=statistics

Ps. Don't give me spelling advice. This is not my native tongue.


RE: "Hacking" eh?
By KristopherKubicki (blog) on 4/24/2007 4:37:05 AM , Rating: 3
Sounds like the exploit he used might even work on Firefox with QuickTime installed as well. Seems like it's a Java/QT bug?

http://www.matasano.com/log/806/hot-off-the-matasa...


RE: "Hacking" eh?
By Hare on 4/24/2007 4:49:45 AM , Rating: 2
So it seems "The vulnerability affects Firefox as well as Safari". Thanks for the link.

It seems that Windows users are also at risk if Quicktime has problems.


RE: "Hacking" eh?
By AraH on 4/25/2007 9:09:25 AM , Rating: 2
and quicktime is developed by...
