Print 24 comment(s) - last by AraH.. on Apr 25 at 9:09 AM

MacBook attacked through security hole in Safari web browser

The two-day "PWN to Own" hack-a-Mac contest, organized by CanSecWest, in Vancouver, British Columbia was the base for competitors to show off their hacking talents.  One team stood up to challenge and managed to exploit the Mac in 9 hours.  Shane Macaulay, a software engineer, won the very MacBook that he exploited, through a zero-day security hole in Apple's Safari browser.

Macaulay's attack on the MacBook came with the aid of Dino Dai Zovi, a security researcher who had been previously credited by Apple for finding flaws in the company's software.  In a telephone interview with CNET, Dai Zovi stated, "The vulnerability and the exploit are mine.  Shane is my man on the ground."  According to the CanSecWest website, there is an exploitable flaw in Safari which can be triggered within a malicious web page.

Apple spokeswoman, Lynn Fox, gave the usual comment on Mac security, "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users."

The hack-a-Mac contest consists of two MacBooks set up with their own access point and all security updates installed, but without additional security software.  Contestants will be able to connect to the computers through the access point through Ethernet or Wi-Fi.  According to the website, the two parts of the challenge include finding a flaw that allows the attacker to get a shell with user level privileges, then doing the same and also getting root.

The second OS X box did not get exploited by the second and last day.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Instead of fanboyism or bashing the OS...
By Hare on 4/24/2007 2:41:42 AM , Rating: 4
There is no such thing as a best browser. Everyone has different needs and some browsers fulfill those better than others.

My personal choice is Firefox because I can easily extend it to make my browsing experience better (extensions). It also has brilliant tools that I use everyday (web developer toolbar) etc. Being open source is just frosting on the cake.

Safari and Opera are also good browsers and IE7 is the first MS browser that actually seems to work properly (box-model etc). As a web developer I'm anxiously waiting for the moment when IE6 gets under a certain user percentage so that I can stop supporting it (IE6 always requires special hacks to get along with real browsers -> more work).

By swatX on 4/24/2007 3:42:04 AM , Rating: 2
thank you for explaing it clearly that THERE IS NO BEST BROWSER!

everybody has their own needs and i prefer IE 7. I must say, till now i havent got any viruses and such. Probably because i know how to protect my computer with just mouse clicks.

"I'd be pissed too, but you didn't have to go all Minority Report on his ass!" -- Jon Stewart on police raiding Gizmodo editor Jason Chen's home

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki