Mac hacked in under 10 seconds at PWN2OWN

Discussion in 'MacBytes.com News Discussion' started by MacBytes, Mar 19, 2009.

  1. macrumors bot

    Joined:
    Jul 5, 2003
    #1


    Category: Apple Hardware
    Link: Mac hacked in under 10 seconds at PWN2OWN
    Description: So just how secure is your Apple computer now that Mac hacker supremo Charlie Miller has broken into a MacBook in less than 10 seconds?

    Posted on MacBytes.com
    Approved by Mudbug
     
  2. Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Missouri
    #2
    So, how long did it really take?
     
  3. macrumors 6502a

    MistaBungle

    Joined:
    Apr 3, 2005
    #3
    Code was loaded through an unsafe website. All he did was type a URL. Absolute Hollywood hogwash.
     
  4. Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Missouri
    #4
    Exactly. The PWN2OWN is stacked against Macs to begin with ... the "competition" was IE8 and FF3 running Windows 7.

    No IE7, no Vista, no XP ... how many people are running IE8 or FF3 on W7?
     
  5. macrumors 6502a

    MistaBungle

    Joined:
    Apr 3, 2005
    #5
    Whaaat, that's crazy. But really, if that is how my computer needs to get exploited, I'm cool with that.
     
  6. macrumors 6502

    munson

    Joined:
    Mar 23, 2008
    Location:
    Boston, MA
    #6
    Two minutes.
     
  7. macrumors 604

    thejadedmonkey

    Joined:
    May 28, 2005
    Location:
    Pa
    #7
    Everybody I know who uses Firefox has been automatically upgraded to FF3. It's been out for quite some time now.
     
  8. Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Missouri
    #8
    But are they running it on Win7? That's the point. OS X is up against a beta OS, there hasn't been any time to find vulnerabilities, much less exploits.
     
  9. macrumors 68040

    Joined:
    Feb 17, 2008
    Location:
    Britain
    #9
    How old is this now? At least a year.

    At an event sponsored by Microsoft nonetheless.
     
  10. Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Missouri
    #10
    No, this is this year's event.
     
  11. macrumors 68030

    Full of Win

    Joined:
    Nov 22, 2007
    Location:
    Ask Apple
    #11
    Hey - my favorite show is Hollywood Hogwash; you better not be ragging on it!
     
  12. macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #12
    It shows Apple's products aren't any better, if not obviously worse, security-wise.

    Now, the clock is ticking! Let's see how long it takes for vendors to patch it!
     
  13. macrumors member

    Joined:
    Nov 6, 2007
  14. macrumors 604

    thejadedmonkey

    Joined:
    May 28, 2005
    Location:
    Pa
    #14
    And also according to Engadget, Microsoft is releasing IE8 today at noon.

    Using a beta OS versus a shipping OS is moot when the exploit was done using a web browser and not the OS. Sure there's a connection, but I don't think it's significant - especially between Vista and Win7.
     
  15. macrumors 65816

    parapup

    Joined:
    Oct 31, 2006
    #15
    Well, not really a hogwash by any means. It wasn't like the user had to click through to run a malicious binary after heeding to all the security warnings. It was more of a "click-a-link and you are pwned" thing.

    The code on the site was run to exploit the holes in Safari. Ideally Safari should not be executing it but the flaw means that it does and user is pwned.
     
  16. macrumors 6502a

    MistaBungle

    Joined:
    Apr 3, 2005
    #16
    I understand that.

    A) I was quoting The Simpsons
    B) I think it's cheap that the claim is 'under 10 seconds' when in fact he did the work beforehand. That's what I think is brutal.
     
  17. macrumors member

    Koronis

    Joined:
    Feb 16, 2009
    Location:
    Windsor,Ontario,Canada
    #17
    Better they found it now, during a security contest, than someone actually using it for malicious purposes.
     
  18. macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #18
    That's the real truth. Sadly, some people here are just so defensive that they choose to deny everything...

    Holes are everywhere! Stop denying it; better to just go to Apple, file a bug report and demand they fix it ASAP.
     
  19. macrumors regular

    Joined:
    Mar 1, 2007
    #19
    They should have used Safari 4 beta on a Snow Leopard build to make it an equal footing lol

    Though it should be the same result unless Apple knows of the exploit...
     
  20. macrumors 603

    notjustjay

    Joined:
    Sep 19, 2003
    Location:
    Canada, eh?
    #20
    Well, I'm glad people are finding these bugs and Apple is fixing them.

    It just proves that the Mac isn't 100% bulletproof. Well, OK, we already knew that. Nobody really expected that there would NEVER be exploitable security flaws on OS X.

    I do think it's kind of childish that people are going "In your face! We found one! We found one! That proves you suck!" when the predominant competition is absolutely chock-full of viruses and vulnerabilities. But, I can understand why they would be waving it in the face of anyone equally childish enough to try to rub into the Windows users that "Macs are perfect, they have no viruses, so nyaaa!"
     
  21. macrumors regular

    Joined:
    Feb 13, 2006
    #21
    Anybody who downloaded Win7 Beta, gets IE8 automatically. I have Win7/IE8 installed on my 4 year old tablet PC for over a month now.

    Welcome to Windows web surfing, Apple. This is the kind of stuff Windows users go through when surfing the web. Good thing this guy is doing it for this competition and there's not a hundred of him pumping out this code.
     
  22. macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #22
    Often for these competitions the Macs are set to run with constant root privileges, which is not the default configuration for a Mac. But the default configuration for an admin account on a Windows PC is to have constant root privileges.

    If this is true in this case, then they are not comparing the default Mac configuration to the default Windows configuration. So, in the end it is just propaganda.
     
  23. macrumors member

    Joined:
    Jan 21, 2008
    #23
    The goal in this contest was to run code in the context of the application (i.e., Safari). Root or not root is an entirely different issue. And anyway, on typical single user systems it really does not matter that much if code is executed as root or not.
     
  24. macrumors 6502a

    Joined:
    Jan 2, 2009
    #24
    Really, P2O proves nothing about real-world situations.
    The only good thing is that the bugs present in the browsers will be patched.
     
  25. macrumors 6502

    Joined:
    Nov 30, 2006
    #25
    Every version of Safari from day 1 has had the same issue and Apple always fixes vulnerabilities.

    This does not mean that a virus, malware or spyware got installed on your system.

    People worry about a few vulnerabilities when new code is written for Macs, but what about the 300,00 viruses, adware and spyware affecting the World Of Windows?

    Microsoft has been at risk since 1974!

    --Eric
     
