| | By Nick Farrell in Rome @ Thursday, March 19, 2009 7:19 AM
| |
| | A bloke who hacked a Mac in two minutes last year has managed to do the same thing in 10 seconds.
Charlie Miller hacked a Mac as part of Cansecwest's PWN2OWN contest and won $5,000 and the Macbook he hacked.
 The Macbook was fully patched and had a fully patched version of Safari. He had written the exploit before he arrived.
The PWN2OWN rules allow the researcher could provide a URL that hosted the exploit, replicating the common hacker tactic of enticing users to malicious sites where they are infected with malware.
According to Computerworld Miller gave the organisers the link and he then had to prove that he had control of the Mac.
While he is not saying what the exploit was, two weeks ago, he predicted that Safari running on the Mac was the weakpoint of the system.
3com paid Miller the $5,000 for the rights to the vulnerability he exploited and the exploit code he used. As it has at past challenges, it reported the vulnerability to on-site Apple representatives.
Another researcher broke into a Sony laptop that was running Windows 7 by exploiting the vulnerability in Internet Explorer 8.
What makes the two cases different is that Apple makes a great deal in its marketing claiming that it is much more secure than Microsoft. Apple users smugly refuse to install virus checkers thinking that they will be protected because the hardware and software is “too difficult” to hack.
Security experts say that it is because there are fewer Macs out there for any serious hacker to be bothered with, and if Apple was as popular as Windows then it would be seen for the Swiss cheese security system it really is. X
Check out the World news at our sister site The News
| |
| |  Add Comment | |
| | | |