14 DAY TRIAL // On the heels of an all out Apple security patch marathon two months in the run, a hacker took just a single day to hack a Macbook Pro fully patched. On March 13 2007, on Microsoft's security updates sabbatical month, Apple made available no less than 45 patches for vulnerabilities across the Mac OS X operating system and the third party applications bundled with the platform. This month, Apple made available a further 25 security updates for flaws in OS X.
After this series of 70 security patches in only two months, Dino Di Zovie a hacker living in New York managed to enter a competition held by CanSecWest Vancouver 2007, break-in one of the two Macbook Pro computers and win no less than $10,000. The competition was debuted on April 19, 2007 and the hack took just a single day.
"One OSX box has been owned! At this point all we can say is there is an exploitable flaw in Safari which can be triggered within a malicious web page. Of course all of the latest security patches have been applied. This one is 0day folks. Technical details will be forthcoming as the winner works out the release. There is still one more Mac to go. (the same flaw cannot be used again, but other Safari bugs are allowed)," revealed the organizers on the CanSecWest Vancouver 2007 official website.
And because it is a zero-day vulnerability, Apple has not addressed it with any of the 70 updates released over the past two months. "Currently, every copy of OS X out there now is vulnerable to this," said Sean Comeau, CanSecWest organizer. "You see a lot of people running OS X saying it's so secure, and frankly, Microsoft is putting more work into security than Apple has," said Dragos Ruiu, CanSecWest organizer.
In the light of this new situation, the most secure operating system for Mac computers is without a doubt Microsoft's Windows Vista.