This year, the PWN 2 OWN hacking competition at CanSecWest was over nearly as quickly as the second day started, as famed iPhone hacker Charlie Miller showed the MacBook Air on display who its father really was. Apparently Mr. Miller visited a website which contained his exploit code (presumably via a crossover cable connected to a nearby MacBook), which then "allowed him to seize control of the computer, as about 20 onlookers [read: unashamed nerds] cheered him on." Of note, contestants could only use software that came pre-loaded on the OS, so obviously it was Safari that fell victim here.
Full story on InfoWorld
Straight from the horse's mouth:
http://dvlabs.tippingpoint.com/blog/2008/03/27/day-two-of-cansecwest-pwn-to-own---we-have-our-first-official-winner-with-picture
QuickTime was to blame last year:
http://www.theregister.co.uk/2007/04/25/quicktime_vuln_fells_mac/
This was classified as use of OS applications (Safari, Mail, etc.) which allows for a user on the workstation to navigate to a web page with exploit code in it.
It passed the 3rd party apps and Pre-Auth attacks fairly well. They haven’t published the details yet on the vulnerability so we won’t know what’s really to blame until Apple releases the patch.
As a Mac user am I disappointed? Yes, because Safari was designed similarly in concept to IE; it uses undocumented OS API calls for acceleration. Firefox isn’t all great either but when found they usually do a good job about releasing a timely update to fix the vulnerabilities.
This really isn’t any more a news item than "OMG sharks eating people!?" in my opinion. BTW Ubuntu and Windows both got 0wned too.
Recent changes made to WebKit suggest that the exploit was likely related to a PCRE component of Safari.
http://digg.com/apple/Details_of_CanSecWest_winning_Safari_exploit