By the means of a zero-day vulnerability in Apple's Safari 3.1 Web browser, the team of researches from Independent Security Evaluators (ISE), was able to hack a MacBook Air in two minutes. There’s no way this can be auspicious for Mac OS X's status regarding security.
Charlie Miller, Jake Honoroff, and Mark Daniel, ISE security researchers, joined the "PWN to OWN" competition at the CanSecWest security conference, which took place in Vancouver, British Columbia.
Now used in the security groups, the first word, "Pwn" is a computer gaming slang for "own". The deliberate misprint "p" emphases the humiliation felt by the defeated, when the victorious ones can’t even know how to spell or type properly.
Running OS X 10.5.2, a Sony Vaio VGN-TZ37CN running Ubuntu 7.10, or a Fujitsu U810 running Vista Ultimate SP1, the contestants supposed to try to hack an Apple MacBook Air. No system was compromised during the fist day of the competition when the attacks have been restricted to network attacks on the operating system.
The day were permitted the attacks on the Web browser, e-mail, IM, the situation changed. Because of compromising the MacBook Air, the security firm TippingPoint Technologies, gave ISE team $10,000.
According to TippingPoint, Apple was shown the secret weakness in Safari 3.1 and, until Apple will fix its problem, no information will be exposed.
"[S]ince the Vista and Ubuntu laptops are still standing unscathed, we are now opening up the scope of the targets beyond just default installed applications on those laptops; any popular third-party application (as deemed 'popular' by the judges) can now be installed on the laptops for a prize of $5,000 upon a successful compromise."
Comments are still expected from Apple.
|
