Two days and relaxed rules produces zero day Mac hack

Stan Beer
Sunday, 22 April 2007 07:27

Your IT - Home IT

It took until the second day of a Canadian security conference and a relaxation of stringent rules but a New York hacker has successfully developed a zero day exploit for a vulnerability in Mac OS X which can hand over control of a computer to a remote attacker.

Demonstration of the successful Mac hack at the CanSecWest security conference in Vancouver won a free MacBook from conference organizers for hacker Dino Dai Zovi and his proxy at the conference Shane Macaulay and US$10,000 from TippingPoint, the network security division of 3Com, which will buy the exploit.

Originally the CanSecWest contest invited hackers to develop a wireless exploit for a Mac which was switched on but was not running any applications. The task, which has not been a common way to hack operating systems, proved beyond any of the hackers represented at the conference.

On the second day of the conference, the organizers allowed hackers to use one of the most common methods of hacking into operating systems over the Internet - getting users to visit a malicious web page and opening a back-door into the operating system through the web browser.

Like many of the exploits for Windows, Dino Dai Zovi, a security expert, developed an exploit for the Mac Safari browser which would enable an attacker to send an email enticing users to click a link to a web page specifically designed to enable attackers to gain remote access to a Mac.

Organizers at CanSecWest, which had offered two MacBooks as prizes, confirmed on the conference web site that the successful hack was a true zero day exploit:

"One OSX box has been owned! At this point all we can say is there is an exploitable flaw in Safari which can be triggered within a malicious web page. Of course all of the latest security patches have been applied. This one is 0day folks. Technical details will be forthcoming as the winner works out the release. There is still one more Mac to go. (the same flaw cannot be used again, but other Safari bugs are allowed).

"Just to review the rules, the first box required a flaw that allows the attacker to get a shell with user level privilages (sic). The second box, still up for grabs, requires the same, plus the attacker needs to get root."

The successful development of the Mac OS X hack has provided fuel for the point of view that Macs are only safer from a security aspect than Windows PCs because they are less of a target for malware purveyors.