MacBook/Safari Hacked in 10 Seconds

Source: Tom's Hardware US

The annual PWN2OWN contest is really popular. It’s a friendly contest that offers cash prizes to computer experts who can successfully hack fully patched machines.

While it all sounds a little sinister, the competition is actually part of CanSecWest, a security conference in Vancouver, and is sponsored by a security company (Tipping Point). Last year the MacBook Air was broken in about 2 minutes and was the first to go. As if that weren’t embarrassing enough, the same guy this year hacked a fully up-to-date MacBook in a reported 10 seconds by exploiting a vulnerability in the Safari browser.

“It took a couple of seconds. They clicked on the link and I took control of the machine,” Charlie Miller said, according to ZDNet. Miller won himself $10,000 and got to hold onto the MacBook. He also said he came to CanSecWest with the intention to hack into Safari and tested the exploit to make sure it worked first time around.

Another hacker, who refers to himself as Nils, was second to break Safari. He also managed to exploit Internet Explorer 8 (running on a Windows 7 machine) and later turned his double win into a hat trick by felling Mozilla’s Firefox.

Details of the vulnerabilities are being kept quiet until patches are released. But according to Tipping Point, Nils’ IE8 bug was “brilliant.”

Check out the full stories on ZDNet.

Comments
  • 9
    one-shot, March 19, 2009 2:27 PM
    I laughed when I saw the link under this one saying IE8 is ready to download. I guess it was already ready to be hacked.
  • 21
    duckmanx88, March 19, 2009 2:33 PM
    > SneakySnake: PC fanboys cometh

    So it's OK for users of Macs to be smug, standing on a pedestal and mocking Windows users, but if something comes along to shake your balance, and we acknowledge it, we're "fanboys"?
  • 7
    Anonymous, March 19, 2009 2:51 PM
    >This just goes to show that the majority of hacks and viruses
    >happen because of how many people use the software/OS, not what
    >the software/OS is.

    That is true in real life, but does it also apply when professional people hack in a contest?
  • 7
    magnus962, March 19, 2009 3:24 PM
    My favorite part was the picture of Hackers, being the best picture for this article...
  • 10
    one-shot, March 19, 2009 3:26 PM
    A hat trick usually refers to a hockey player scoring three goals in a game. A double win plus one more amounts to three which therefore equals a hat trick.
  • 10
    JMcEntegart, March 19, 2009 3:31 PM
    @one-shot: I was actually thinking of football (soccer) when I wrote the article but it works for both. Go Flames! :)
  • -5
    SAL-e, March 19, 2009 3:34 PM
    Last year the Ubuntu PC was hacked through FF and Adobe Flash. What happened this year? Is the Ubuntu PC still standing? I wish TH gave better coverage.
  • 11
    tipoo, March 19, 2009 3:35 PM
    So THAT'S what hackers look like.
  • 6
    SAL-e, March 19, 2009 4:01 PM
    > SAL-e: Last year the Ubuntu PC was hacked through FF and Adobe Flash. What happened this year? Is the Ubuntu PC still standing? I wish TH gave better coverage.

    OK. Looks like this year they don't have an OS hacking day. So no Linux PC for hacking. They are concentrating on browsers. In the past the browser was on the second day of the competition. Last year no one was able to hack the OS (Win, Mac or Linux) itself on day one. So I guess the OS is not the problem that much any more, but the user and the web itself.
  • 4
    FlayerSlayer, March 19, 2009 4:02 PM
    > duckmanx88: So it's OK for users of Macs to be smug, standing on a pedestal and mocking Windows users, but if something comes along to shake your balance, and we acknowledge it, we're "fanboys"?

    Quote for truth.
  • 0
    norbs, March 19, 2009 4:35 PM
    > duckmanx88: So it's OK for users of Macs to be smug, standing on a pedestal and mocking Windows users, but if something comes along to shake your balance, and we acknowledge it, we're "fanboys"?

    Eh, with the MS Army over here I think he knew it was coming. I am a 75% PC user and 25% Mac user and people here call me a fanboy just for saying what I like about Macs. It gets kinda old when a bunch of people who never took the time to use or learn an OS can have so much to say about it. MacOS is not a cure-all or miracle, but there are many things I'd rather do on it compared to an XP and especially a Vista PC. Besides, who uses Safari on OS X anyways...

    If anyone cares I have:
    1 Vista machine used as a media center
    3 XP machines; 2 at work 1 at home for games
    1 MacOS Hackintosh (dell d620)

    They all have their purpose and I don't go around calling the guy who doesn't use a Mac a fanboy. Maybe it's just the uneducated people... whatever.
  • 3
    bounty, March 19, 2009 4:40 PM
    Mr. The Plague is probably still working on the Ubuntu box.
  • 11
    jsloan, March 19, 2009 4:53 PM
    What about all that Apple false advertising, 10 seconds, nice...
  • 7
    hellwig, March 19, 2009 5:30 PM
    Really, if Apple itself didn't say its computers were more secure, I wouldn't care that it could be hacked. No one cares that Windows or IE were hacked, it happens all the time. If Apple just admitted there are probably some security holes in their software (just as with any software on any platform), then maybe they'd get a little less egg on their face when their browser is hacked in 10 seconds.

    I wonder what the competition entails. Obviously these guys knew the vulnerabilities they were going to exploit ahead of time. Did this guy really only take 10 seconds to create a webpage that could attack Safari, or did it take him 10 seconds to type in a URL to a webpage that took him a few hours to code-up before the competition?
  • 3
    bounty, March 19, 2009 7:11 PM
    uhhh, hellwig ???

    "He also said he came to CanSecWest with the intention to hack into Safari and tested the exploit to make sure it worked first time around."
  • 3
    hellwig, March 19, 2009 8:29 PM
    Oh, thanks bounty, but I would still like to know what it took only 10 seconds to do. Type up a webscript, or just redirect to a website he already had set up.