Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Apple / Mac

Mac

PWN to OWN - MacBook Air Compromised in 2 Minutes

Laptop says: 'Thanks a lot Safari...'

By Filip Truta, Apple News Editor

28th of March 2008, 09:51 GMT

Adjust text size:


That's Charlie in the foreground exploiting the MacBook Air
Enlarge picture
Well, this is a bit of a surprise. This year's 'PWN to Own' contest hosted at CanSecWest saw Apple's MacBook Air get PWNED in 2 minutes flat. Charlie Miller (famed iPhone hacker), Jake Honoroff and Mark Daniel of Independent Security Evaluators have successfully compromised the Apple MacBook Air, exploiting a new Zero Day vulnerability in Apple's Safari web browser.

Safari? And to think that Apple has just updated the thing... Oh well,
don't expect a new update too soon as the rules of the contest clearly say that hackers have to sign this non-disclosure agreement - they have to shut up about it until "TippingPoint can notify the vendor." That's OK though. 10Gs and a brand-new Air can pretty much buy anyone's silence, not to mention a nerd's.

As DVLabs notes, "Coincidentally, Apple has just started to ship Safari to some Windows machines, with its iTunes update service," a topic we've already dissected once or twice here at Softpedia. No reason to worry though. Whether you're a Mac owner running Safari or a Windows user running the same web browser, the vulnerability has been "responsibly disclosed to Apple." The Cupertino labs are patching the exploit as we speak, while neither of the parties involved in the hack will be disclosing any additional information, that could potentially be used against Safari users.

The hacking competition is a "repeat of the 'PWN to Own' contest at CanSecWest in 2007, when security researchers competed to win a MacBook Pro and $10,000," according to an older CnetNews.com post. Security researchers Dino Dai Zovi and Shane Macauley shared the prize for successfully using a zero-day QuickTime vulnerability, compromising the MacBook. Windows platforms were subsequently found equally vulnerable to the hack.

This year's CanSecWest organizer, Dragos Ruiu, talked to ZDNet UK revealing that prizes would consist of "several laptops," but he couldn't confirm which particular models, as the security researcher was in Tokyo not just to organize the CanSecWest event, but to go "shopping for laptops" as well. Ruiu told interviewers he had not yet decided on the laptop models, but said he was looking for something "new and thrilling."

He added that they "want the prizes to inspire lust amongst geeks. It's going to be something lustworthy."

TAGS:

 PWN to OWN | hacking contest | exploit | Safari 3.1 | MacBook Air


Rating:
Fair (2.6/5) 5 vote(s) so far    

Read by 1,096 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Fan Update Fails to Fix Air-Freezing Issues

'Light' Competition for Apple's MacBook Air

Model Judge Thinks the Air Should 'Chunk up a Bit'

The Most Expensive iPhone Ever, Out for Sale

Martha Stewart Loves the Air

Israeli Singer Yael Naim Thanks Apple, Mac for Her Success

Bob Screens Apple's Air to Give TSA Workforce a Clue

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive