Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Researchers Exploit Safari Security Hole in Five Seconds at PWN2OWN

Perhaps it took five seconds to implement, but your thread title makes it seem like it was the first time these hackers saw a MBA and Safari.

I'm sure there were dozens or hundreds of hours worth of research and coding in order for these guys to get to the point of being able to implement their hack.


I remain unconcerned.
 
Surely said:
Perhaps it took five seconds to implement, but your thread title makes it seem like it was the first time these hackers saw a MBA and Safari.

I'm sure there were dozens or hundreds of hours worth of research and coding in order for these guys to get to the point of being able to implement their hack.


I remain unconcerned.
Click to expand...

That's correct. It was done on site, at the event in 5 seconds. However, it took weeks to find the exploit AND actually write a custom piece of code to execute.

You also have to realize that the event was hosted by MS, Google, and another. So there's some bias there...
 
Researchers Exploit Safari Security Hole in Five Seconds at PWN2OWN




114003-cansecwest_2011.jpg


ZDNet reports that a MacBook running Safari was the first machine to fall victim to a security exploit in the PWN2OWN hacker challenge at the CanSecWest conference in Vancouver, Canada. French security researchers compromised the MacBook and launched code within five seconds of contacting the machine, winning a $15,000 cash prize and a new 13-inch MacBook Air for their efforts.
VUPEN co-founder Chaouki Bekrar lured a target MacBook to a specially rigged website and successfully launched a calculator on the compromised machine.

The hijacked machine was running a fully patched version of Mac OS X (64-bit).

In an interview with ZDNet, Bekrar said the vulnerability exists in WebKit, the open-source browser rendering engine. A three-man team of researchers spent about two weeks to find the vulnerability (using fuzzers) and writing a reliable exploit.
Click to expand...
While Bekrar noted some difficulties in preparing the exploit due to a lack of documentation on how to exploit 64-bit Mac OS X code, his team was ultimately able to bypass several anti-exploit tactics included in Mac OS X to demonstrate how a machine could become comprised simply by visiting a malicious webpage and without crashing the browser.

Macs have become popular targets for researchers seeking to find security holes, with CanSecWest being a major forum for discussion and demonstration of their work. In 2007, the conference sponsored a "Hack a Mac" contest with a $10,000 cash prize, although organizers did have to loosen the contest rules before researchers succeeded in compromising a MacBook.

The following year, a MacBook Air was the first to be compromised at PWN2OWN, falling victim to a exploit initiated through Safari. Apple released a Safari update just a few weeks later to address that issue. And in 2010, noted researcher Charlie Miller used the conference to expose 20 zero-day holes in Mac OS X, claiming that Mac users' infrequent run-ins with hackers have primarily been due to "security by obscurity", with most malicious hackers preferring to attack Windows platforms with substantially larger user bases.

Notably, Apple is said to have reached out to security researchers for the first time with the initial developer build of Mac OS X Lion, inviting them to test out the forthcoming operating system in hopes of finding and patching as many holes as possible before Lion reaches customers' hands later this year.

Article Link: Researchers Exploit Safari Security Hole in Five Seconds at PWN2OWN
 
Perhaps it took five seconds to implement, but it's not like it was the first time these hackers saw a MBA and Safari.

I'm sure there were dozens or hundreds of hours worth of research and coding in order for these guys to get to the point of being able to implement their hack.


I remain unconcerned.
 
Surely said:
Perhaps it took five seconds to implement, but it's not like it was the first time these hackers saw a MBA and Safari.

I'm sure there were dozens or hundreds of hours worth of research and coding in order for these guys to get to the point of being able to implement their hack.


I remain unconcerned.
Click to expand...

Although I remain unconcerned as well, you completely miss the point of PWN2OWN.
 
i hope this thread doesn't turn into a 'good for apple that they know the exploit now and can patch'. Because when this stuff happens to Google and Microsoft, most people here laugh it up and gloat how Apple is awesome.
 
It says it took a three man team two weeks to work on this. The actual implementaion worked in 5 seconds.....AFTER they lured the MacBook there.

So the moral of the story is, don't be an idiot!
 
I think Steve has realised that since the move to Intel the Mac has become a target since due to the past Mac doesn't get viruses Windows does moniker, Lion will be focused now on limiting the use of such backdoors.

Im not to bothered in the security hole with Lion as if i don't trust the site i won't get lured there thats the only reason for viruses backdoors etc working

Human error not machine or OS failure is the key
 
Last edited:
RRmalvado said:
Although I remain unconcerned as well, you completely miss the point of PWN2OWN.
Click to expand...

Yes the point is Macs can easily be hacked. However you misses his point. The exploit itself took five seconds, but all the preparations and knowledge behind it took more than five seconds. At minimum it took them 1-2 days of nonstop work.

Also, it took a malicious website to crack in. In other words, be a safe user and don't visit dodgy websites. This is true across ALL platforms. Impending Linux distros.
 
dwd3885 said:
i hope this thread doesn't turn into a 'good for apple that they know the exploit now and can patch'. Because when this stuff happens to Google and Microsoft, most people here laugh it up and gloat how Apple is awesome.
Click to expand...

Huh? Safari loses almost all the time. Call it a political message or whatever, Apple has never been the best at these security contests. Feel free to keep burning that strawman, though. You don't need to pay attention to reality to have fun while feeling superior due to the choice of which tool you prefer to use.
 
Remember, this is a white hat hacking event. Everything is kept confidential and bugs given to the developers.

Most people want to hack Macs first at this event, because you win the computer you did the hack on. Dell and HP machines are less popular to hack first.
 
This is great news, finding security problems before malicious things are done is good to hear. The more holes patched before the Mac becomes too popular the better.
 
NAG said:
Huh? Safari loses almost all the time. Call it a political message or whatever, Apple has never been the best at these security contests. Feel free to keep burning that strawman, though. You don't need to pay attention to reality to have fun while feeling superior due to the choice of which tool you prefer to use.
Click to expand...

huh? smh
 
Apple's recent "reaching out" by offering Lion to security researchers may not be enough.

The rest of the industry pays researchers when they find vulnerabilities and they privately disclose them to the company without making them public before they can be patched. Apple does not. For that reason, Charlie Miller no longer reports bugs to Apple (http://tinyurl.com/5tfee7w).
 
SimonTheSoundMa said:
Remember, this is a white hat hacking event. Everything is kept confidential and bugs given to the developers.

Most people want to hack Macs first at this event, because you win the computer you did the hack on. Dell and HP machines are less popular to hack first.
Click to expand...

Exactly. While it's good to know that people checking these kind of things, and sending the bugs to the developers, you can't put much stock in the actual contest, simply because they get to win the machine they hack. Who wouldn't pick the Mac first?
 
For some reason while I read this I imagined Steve reading the same thing and tugging at the neck of his black turtleneck and sweating profusely. ;)
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back