PWN to OWN - MacBook Air Compromised in 2 Minutes

Laptop says: 'Thanks a lot Safari...'

By on March 28th, 2008 09:51 GMT
Well, this is a bit of a surprise. This year's 'PWN to Own' contest hosted at CanSecWest saw Apple's MacBook Air get PWNED in 2 minutes flat. Charlie Miller (famed iPhone hacker), Jake Honoroff and Mark Daniel of Independent Security Evaluators have successfully compromised the Apple MacBook Air, exploiting a new zero-day vulnerability in Apple's Safari web browser.

Safari? And to think that Apple has just updated the thing... Oh well, don't expect a new update too soon as the rules of the contest clearly say that hackers have to sign this non-disclosure agreement - they have to shut up about it until "TippingPoint can notify the vendor." That's OK though. 10Gs and a brand-new Air can pretty much buy anyone's silence, not to mention a nerd's.

As DVLabs notes, "Coincidentally, Apple has just started to ship Safari to some Windows machines, with its iTunes update service," a topic we've already dissected once or twice here at Softpedia. No reason to worry though. Whether you're a Mac owner running Safari or a Windows user running the same web browser, the vulnerability has been "responsibly disclosed to Apple." The Cupertino labs are patching the exploit as we speak, while neither of the parties involved in the hack will be disclosing any additional information that could potentially be used against Safari users.

The hacking competition is a "repeat of the 'PWN to Own' contest at CanSecWest in 2007, when security researchers competed to win a MacBook Pro and $10,000," according to an older CnetNews.com post. Security researchers Dino Dai Zovi and Shane Macaulay shared the prize for successfully using a zero-day QuickTime vulnerability to compromise the MacBook. Windows platforms were subsequently found equally vulnerable to the hack.

This year's CanSecWest organizer, Dragos Ruiu, talked to ZDNet UK revealing that prizes would consist of "several laptops," but he couldn't confirm which particular models, as the security researcher was in Tokyo not just to organize the CanSecWest event, but to go "shopping for laptops" as well. Ruiu told interviewers he had not yet decided on the laptop models, but said he was looking for something "new and thrilling."

He added that they "want the prizes to inspire lust amongst geeks. It's going to be something lustworthy."
That's Charlie in the foreground exploiting the MacBook Air