Shane Macaulay and Dino Dai Zovi, a software engineer and security researcher taking part in the brilliantly named "PWN to Own" Hack-a-Mac contest at the CanSecWest conference in Vancouver, managed to hack into and take control of a MacBook by finding a security exploit that takes advantage of an open Safari browser window. Shane and his teammate Dino won the prize of a brand new MacBook -- presumably loaded with Firefox or some other browser variant -- for managing to find the hole on the second and final day of the contest. The hack wasn't exactly a breeze, since the pair admitted to a total of 9 hours in order to find and exploit the weakness. Apple has patched OS X four times over the last year to fix dozens of security updates, and only regurgitated the corporate line when asked for comment on this particular vulnerability. ("Apple takes security very seriously", well duh!) Even with the recent arousal of interest in Mac OS security, the world has yet to see any kind of exploit released into the wild world web; when / if one does, we'd probably expect the most damaging exploit to use good ol' social engineering rather than a complicated hack like this. Still, Mac users should take some form of satisfaction from knowing that the issue of Mac security is being investigated, rather than being taken for granted.

0 Comments

Safari browser exploit produced within 9 hours in hacking competition