MacBook Air Hacked through Safari

Discussion in 'Mac Apps and Mac App Store' started by chameleon81, Mar 27, 2008.

  1. Aranince macrumors 65816

    Joined:
    Apr 18, 2007
    Location:
    California
  2. Josheek macrumors newbie

    Josheek

    Joined:
    Feb 28, 2008
    #3
    MacBook Air Hacked through Safari

    In a security hackers contest, the hacker was able to gain control of the MBA through a vulnerability in Safari within two minutes!!! Here is the Article. The contest involved the MBA, Windows Vista, and Ubuntu machines. The Air was first to be hacked. Apple has advertised how secure their OS is and how much of an advantage it has over other competitive OS's. I guess everything can't be perfect. Oh well, hope they don't hack mine.
     
  3. priller macrumors regular

    Joined:
    Dec 15, 2007
  4. MacBook-Gal macrumors regular

    Joined:
    Feb 10, 2008
    Location:
    LOA&C (The land of art and computers)
    #5
    And here I (after switching from Windows a year ago) was just starting to believe that my Mac is secure without having virus protection.:eek:
     
  5. BiikeMike macrumors 65816

    BiikeMike

    Joined:
    Sep 17, 2005
    #6
    MBA hacked in under 2 minutes at CanSecWest security conference's PWN 2 OWN

    Link 1

    Link 2


    Wow, $10 grand and a MacBookAir in 2 minutes, sign me up!
     
  6. coffey7 macrumors 6502a

    coffey7

    Joined:
    Feb 12, 2006
    #7
  7. Aea macrumors 6502a

    Aea

    Joined:
    May 23, 2007
    Location:
    Denver, Colorado
  8. SilentPanda Moderator emeritus

    SilentPanda

    Joined:
    Oct 8, 2002
    Location:
    The Bamboo Forest
    #9
    It was a Safari exploit. So it's not limited to MacBook Airs.
     
  9. coffey7 macrumors 6502a

    coffey7

    Joined:
    Feb 12, 2006
    #10
  10. ayeying macrumors 601

    ayeying

    Joined:
    Dec 5, 2007
    Location:
    Yay Area, CA
    #11
    I never use safari.. so does that mean I'm hacker proof? lol... any OS can be hacked, its just whether or not someone has the time to do it.
     
  11. killerrobot macrumors 68020

    killerrobot

    Joined:
    Jun 7, 2007
    Location:
    127.0.0.1
    #12
    Good read. Glad I don't use Safari.;)

    Good to know no one get access through direct attacks.
     
  12. em500 macrumors regular

    Joined:
    Apr 29, 2005
    #13
    Preparing the exploit actually took three weeks, but hacked in 2 minutes makes a better headline.
     
  13. mackindergarten macrumors 6502

    Joined:
    Feb 21, 2008
    #14
    If you can choose to attack (and subsequently take it home) a Vista, Ubuntu or Mac machine, there is no question why he tried to hack the MBA.

    I mean who wants a Vista machine, if you can get a MBA?
     
  14. Cloudsurfer macrumors 65816

    Cloudsurfer

    Joined:
    Apr 12, 2007
    Location:
    Netherlands
    #15
    This is no surpsise. Safari has been subject to security leaks in the past, so naturally, that's where the geeks would look first. Now it's up to Apple to patch that hole :)
     
  15. rom macrumors regular

    Joined:
    Jun 7, 2006
    #16
    Safari has a vulnerability, which Apple should fix immediately and I have no doubts that Apple will release the fix soon.

    However, the exploit requires that you visit a malicious website - so the moral of the story is, don't click on those links if and when you are not sure if the site is legit.
     
  16. chameleon81 thread starter macrumors 6502

    Joined:
    May 16, 2006
    #17
    Yeah but the problem is that people click those websites :) Same happens with Windows.

    I use Mac actually I switched like 8 months ago. But security wasnt my motivation. I believe this security and ease of use are marketing things which are being very well practiced by apple.

    I think it is the fact that the more people switch to mac the more viruses we will have :).
     
  17. sreedy macrumors 6502a

    Joined:
    Feb 24, 2005
    Location:
    Somerset
    #18
    There was $10,000 on offer for the first to break any system so with that logic surly they'd go after the one with the most obvious or easy to find vulnerability??? It's irrelevant which one they get to take home with $10,000 on offer!!!!!!!!!!

    You may have said that in jest but it makes us all look like crazy Fan Bois, "they only hacked it as it's the best"
     
  18. em500 macrumors regular

    Joined:
    Apr 29, 2005
    #19
    Unfortunately almost all legit sites these days are also running (mainly ad) content from 3rd parties, which can also be cracked to serve the exploits.
     
  19. boast macrumors 65816

    boast

    Joined:
    Nov 12, 2007
    Location:
    Phoenix
    #20
    if windows lost first, you would all be talking ****.

    give me a break :rolleyes:
     
  20. em500 macrumors regular

    Joined:
    Apr 29, 2005
    #21
    The rules of the contest are here
    http://dvlabs.tippingpoint.com/blog/2008/03/19/cansecwest-pwn-to-own-2008

    The first day was attacking the system over the network without any user intervention for a $20000 price, and 3 systems survived.

    The second day was attacking the system over the network by directing a user to do some simple things with a default setup, like opening email you send them or visiting a website you prepared. The Mac got hacked here, probably due to a bug in Safari, and the winner got the laptop and $10000.

    Note that after the Mac was out of the race, different teams continued to work on the Vista and Ubuntu laptops (and could still win them and their $10000 prices), but both survived the second day.

    3rd day (today/tomorrow), you can still win the Vista or Ubuntu laptops plus $5000, and they will now also have "popular 3rd party client applications" installed", though I haven't seen the list of apps yet.
     
  21. rhett7660 macrumors G4

    rhett7660

    Joined:
    Jan 9, 2008
    Location:
    Sunny, Southern California
    #22

    I agree... boy I can hear it now.. LOL.. ;)

    I am kind of curious as to what Apple has, in terms of teams who try to hack, exploit etc before the OS is released. Maybe Apple needs to hire some fresh talent.
     
  22. psychofreak Retired

    psychofreak

    Joined:
    May 16, 2006
    Location:
    London
    #23
    Well you are, there are no viruses out in the wild for OSX. In fact there is no virus protection for OSX viruses.
     
  23. Wild-Bill macrumors 68030

    Wild-Bill

    Joined:
    Jan 10, 2007
    Location:
    bleep
  24. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #25
    Since it was a Safari vulnerability present on all current Macs that they used, shouldn't this be in the General Mac forum, as any Mac can apparently be pwned in 2 minutes flat?
     

Share This Page