backtop


Print 24 comment(s) - last by AraH.. on Apr 25 at 9:09 AM

MacBook attacked through security hole in Safari web browser

The two-day "PWN to Own" hack-a-Mac contest, organized by CanSecWest, in Vancouver, British Columbia was the base for competitors to show off their hacking talents.  One team stood up to challenge and managed to exploit the Mac in 9 hours.  Shane Macaulay, a software engineer, won the very MacBook that he exploited, through a zero-day security hole in Apple's Safari browser.

Macaulay's attack on the MacBook came with the aid of Dino Dai Zovi, a security researcher who had been previously credited by Apple for finding flaws in the company's software.  In a telephone interview with CNET, Dai Zovi stated, "The vulnerability and the exploit are mine.  Shane is my man on the ground."  According to the CanSecWest website, there is an exploitable flaw in Safari which can be triggered within a malicious web page.

Apple spokeswoman, Lynn Fox, gave the usual comment on Mac security, "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users."

The hack-a-Mac contest consists of two MacBooks set up with their own access point and all security updates installed, but without additional security software.  Contestants will be able to connect to the computers through the access point through Ethernet or Wi-Fi.  According to the website, the two parts of the challenge include finding a flaw that allows the attacker to get a shell with user level privileges, then doing the same and also getting root.

The second OS X box did not get exploited by the second and last day.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Apple = waste of money
By KeypoX on 4/24/2007 7:16:46 AM , Rating: 2
Why is it so "cool" to like apple? Do the commercials really sway you guys that good. I think apple sucks unless all you want to do is browse the internet then fine it works. But other then that what is the point? All my professors use apples and its so funny they always have compatibility problems and say something on the lines of 'stupid pcs'. That is so funny they blame the pc for not working for their office that is ported to their mac. Anyways most people who use macs are the same people that goto starbucks and are so fcking smug.

Oh the biggest point mac = low performance for a high price. But it looks so pretty




RE: Apple = waste of money
By dare2savefreedom on 4/24/2007 4:52:56 PM , Rating: 3
Why are you asking?

You are talkin to the people who buy books by their covers.

In other words - illogical people.

"All my professors" - exactly : those that can do, those that can't teach

It's all about business. Think(I know you're not a mac user so this is possible) about it
who would you rather sell to? Elite PC user(think arnold swatz in commando) who will minimize the fat prophet you can milk from them or stupid noob mac user(think dumb and dumber) that doesn't know mouse button 1 from 2. That wont even know the difference between forced upgrades and valid upgrades, that don't even know that their entire computer was taken over so they can't sue. Whom you can overcharge because they don't know they've been ripped off.

Who do you want to milk?

Milk the wolf or milk the cow?


"So, I think the same thing of the music industry. They can't say that they're losing money, you know what I'm saying. They just probably don't have the same surplus that they had." -- Wu-Tang Clan founder RZA











botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki