Two days and relaxed rules produces zero day Mac hack
by Stan Beer   
Sunday, 22 April 2007
It took until the second day of a Canadian security conference and a relaxation of stringent rules, but a New York hacker has successfully developed a zero day exploit for a vulnerability in Mac OS X that can hand over control of a computer to a remote attacker.

Demonstrating the successful Mac hack at the CanSecWest security conference in Vancouver won hacker Dino Dai Zovi and his proxy at the conference, Shane Macaulay, a free MacBook from the conference organizers and US$10,000 from TippingPoint, the network security division of 3Com, which will buy the exploit.

Originally the CanSecWest contest invited hackers to develop a wireless exploit for a Mac which was switched on but was not running any applications. The task, which has not been a common way to hack operating systems, proved beyond any of the hackers represented at the conference.

On the second day of the conference, the organizers allowed hackers to use one of the most common methods of hacking into operating systems over the Internet - getting users to visit a malicious web page and opening a back-door into the operating system through the web browser.

As with many of the exploits for Windows, the attack relies on the web browser: Dino Dai Zovi, a security expert, developed an exploit for the Mac Safari browser which would enable an attacker to send an email enticing users to click a link to a web page specifically designed to give attackers remote access to a Mac.

Organizers at CanSecWest, which had offered two MacBooks as prizes, confirmed on the conference web site that the successful hack was a true zero day exploit:

"One OSX box has been owned! At this point all we can say is there is an exploitable flaw in Safari which can be triggered within a malicious web page. Of course all of the latest security patches have been applied. This one is 0day folks. Technical details will be forthcoming as the winner works out the release. There is still one more Mac to go. (the same flaw cannot be used again, but other Safari bugs are allowed).

"Just to review the rules, the first box required a flaw that allows the attacker to get a shell with user level privilages (sic). The second box, still up for grabs, requires the same, plus the attacker needs to get root."

The successful development of the Mac OS X hack has provided fuel for the point of view that Macs are only safer from a security aspect than Windows PCs because they are less of a target for malware purveyors.