Mac hacked in under 10 seconds at PWN2OWN

Home IT

So just how secure is your Apple computer now that Mac hacker supremo Charlie Miller has broken into a MacBook in less than 10 seconds?

The annual CanSecWest PWN2OWN competition is always guaranteed to grab a few headlines and spark off another OS Wars flame. Last year security researcher Charlie Miller managed to hack a Mac in a rather astonishing two minutes flat.

This year he pulled off the same feat to win the contest, the MacBook he hacked and a US $5000 prize. Well the same feat but a lot quicker: how does Mac hacked in under 10 seconds grab you as a headline?

Although full extent of what the hack entailed remain a little sketchy, with Miller refusing to reveal the vulnerability details at this time, it is known that both the MacBook and the version of Safari upon it were fully patched and up to date.

The reason for that lack of detail would appear to wrapped up in the fact that the cash prize also took the form of a payment from the competition sponsor, TippingPoint, for the rights to both the vulnerability details and code used to exploit it. TippingPoint has passed these on to Apple for further investigation.

Obviously the whole cracked in 10 seconds thing is worrying, but just how worried should you be if you are a Mac or Safari user? Truth be told, I am not convinced that this is as big a deal as it sounds.

Yes, any vulnerability needs investigating. But the under 10 seconds thing was only achieved because Miller simply provided a URL that took the user to the site where the exploit code was hosted. The donkey work had all been done beforehand, in accordance with PWN2OWN rules, which enabled the speed to be achieved.

Miller says that he provided the link, the judges clicked it and he then showed them he had full control of the MacBook concerned.

Windows users need not feel smug, apparently Safari and IE8 on a machine running Windows 7 also fell soon after the winner.
Tags:

Please enable JavaScript in your browser to post your comment!

SPONSORED PRESS RELEASES

Independent Research Shows High Customer Satisfaction for NetSuite
NetSuite Inc. (NYSE: N), a leading vendor of cloud computing business management software suites, today announced that technology advisory firm Nucleus Research has completed an independent survey of NetSuite customers and concluded that NetSuite customers are highly satisfied, l...

Featured IT jobs

Senior Software consultant responsible for providing support on a unique enterprise level software solution for various customers, Melbourne based!
Skills Tags:   IT  ITIL  Linux  Management  RFP  Unix
This financial client has an excellent opportunity for an experienced Database Developer. SQL 2005 Some Schema design + SSIS & SSRS - 80k+super
Skills Tags:   Design  Development  SQL  SQL Server
Massive Hyperion Project requires a Hyperion Planning Architect / Lead Developer - drive home a huge Hyperion solution.
Skills Tags:   Architect  Design  Development  Hyperion
OBIEE Consultant to work on a very large greenfield OBIEE implementation to date to work end-to-end with excellent modelling & BI Server skills
Skills Tags:   Business Intelligence  Cognos  Hyperion  Informatica  Oracle  SQL

Editors Picks

Stories you may have missed 

What iTWire offers for free

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases