You don't see how these two teams backing out is a win for Chrome? Yeah, no one actually hacked it, but that is because no one took the challenge, even after two teams initially did and then backed out. Why is that? They had the potential to win $15,000 + a computer + $20,000 from Google! I don't understand how some people here can't put two and two together!

One was a no-show on the day of. The others spent weeks preparing their exploits. It's pretty obvious to me why no one took up the challenge. Here, sit down and exploit it. Never mind the zero preparation work you've done on it.
 
I recently switched from Safari to Chrome as my main everyday browser.

I noticed Safari seemed to be hanging/pausing before loading a page. I find Firefox cluttered looking, and I also use tons of plugins for web dev stuff. So I tried Chrome again, and after some simple, unscientific testing, I decided Chrome was fastest.

On top of the speed test, I find bookmark management in Safari horrible. Maybe someone can show me, but I can't find an easy way to re-sort bookmarks alphabetically. Chrome offers that option.
 
Mac OS X admin accounts are designed to provide as much privilege as possible while still avoiding the pitfalls of superuser/root privileges. Privilege escalation is required to "circumvent" authentication.

Provide an example of local privilege escalation being linked with remote arbitrary code execution in the wild in OS X?



Provide an example of local privilege escalation being linked with remote arbitrary code execution in the wild in OS X?

But, UAC bypasses are still fairly common.

I'm actually curious on that last quote of yours about UAC bypasses being common. Any links I can read more about that at that you'd recommend?
 
Webkit is quite broad

What I would like to know is what specifically was hacked. WebKit is quite broad, and most of them, when you look into it, hacked the plugins, which are usually Java or Flash.
Every year I hear about this: it's OS X got hacked out of the box, Windows and Linux got hacked once typical software was installed, and it simply comes down to OS X shipping with Flash and Java; everything else doesn't.
 
What I would like to know is what specifically was hacked. WebKit is quite broad, and most of them, when you look into it, hacked the plugins, which are usually Java or Flash.
Every year I hear about this: it's OS X got hacked out of the box, Windows and Linux got hacked once typical software was installed, and it simply comes down to OS X shipping with Flash and Java; everything else doesn't.

The exploit was part of Safari, not a plugin.

The flaw was reportedly in WebKit, but that's a very general thing to say.
 
Links to two public and unpatched privilege escalation vulnerabilities in Windows 7 that bypass UAC are provided in one of my previous posts. One is local and the other is remote.

Here you go:

http://www.vupen.com/english/advisories/2011/0394
http://www.vupen.com/english/advisories/2010/2029

Ahh okay, I had totally misread that. I was thinking there was some mac vulnerability bypassing the admin password. Sorry, my brain is garbled at the moment. I blame malicious code(okay, it's just a language I haven't used before, but that's malicious enough for me).

EDIT:

Have those actually been in the wild though? It's difficult to tell from those pages.
 
Have those actually been in the wild though? It's difficult to tell from those pages.

No, but the remote root has a proof of concept.

The issue is, given that they are public and unpatched, malware devs can use them in exploits in the wild until they are patched.

The remote could be used by itself to create a worm that attacks ports 137-139 and 445. These are the most commonly exploited ports on the internet due to the weakness of the services that listen on these ports in Windows NT based systems.

The local would have to be linked to a remote exploit that did not include privilege escalation, such as a browser exploit.

A win32k.sys local privilege escalation exploit was used in Stuxnet, and this is a common place to find local priv esc exploits. This is because you only need user-level access to manipulate the registry entries that cause kernel components to crash in a manner that allows local privilege escalation.

For example:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=win32k
 
So what are the downsides of using Chrome?

Besides the appearance of Chrome what are the downsides of using it. I was all set to try it last year but this website seemed to be against it based on the fact Chrome is a resource hog and it constantly monitors your use and auto updates. Are these things still a factor, why are they bad? Basically what are the pros and cons of using Chrome?
 
Perhaps it took five seconds to implement, but it's not like it was the first time these hackers saw a MBA and Safari.

I'm sure there were dozens or hundreds of hours worth of research and coding in order for these guys to get to the point of being able to implement their hack.

I remain unconcerned.

No I didn't.
Yes you did

Saying that it took these guys 5 seconds to hack Safari is disingenuous.

That was my point.

It's like saying it took me 60 seconds to write a 20 page paper because that's how long it took to print.

I'll say it again: Saying that it took 5 seconds to hack Safari is like saying it took me 60 seconds to write a 20 page paper because that's how long it took to print.

I'm not doubting that Safari has vulnerabilities......I just think it's disingenuous to say it took 5 seconds to hack.

Yes.

If they work that long and hard to hack my machine, they can have the pictures of me at the beach.

;)

wow

Once the vulnerability is revealed (regardless of the time it took to discover), it only takes 5 seconds to execute from then on.

In other words, your machine can be hacked in 5 seconds by anyone who learns or has knowledge of this vulnerability; it does not take everyone who uses this particular vulnerability 2 weeks to execute it.

The point of Pwn2Own is to see how quickly they can execute a vulnerability, which is why contestants have basically unlimited prep time.

Nothing disingenuous about it really.
 
(That it took 2 weeks to prepare is) true of nearly all exploits, and is beside the point.
If it's beside the point, then the article should not claim it took them only 5 seconds to pwn the Mac. OR they should talk about the long prep time. It shouldn't work both ways. Either the full time matters or no time matters.
 
Yes you did

wow

Once the vulnerability is revealed (regardless of the time it took to discover), it only takes 5 seconds to execute from then on.

In other words, your machine can be hacked in 5 seconds by anyone who learns or has knowledge of this vulnerability; it does not take everyone who uses this particular vulnerability 2 weeks to execute it.

The point of Pwn2Own is to see how quickly they can execute a vulnerability, which is why contestants have basically unlimited prep time.

Nothing disingenuous about it really.

I'm flattered.....it's been a while since I've been stalked in a thread.

/I really didn't miss the point.:rolleyes:
 
Once the vulnerability is revealed (regardless of the time it took to discover), it only takes 5 seconds to execute from then on.

In other words, your machine can be hacked in 5 seconds by anyone who learns or has knowledge of this vulnerability.

Unless the hacker had the working exploit, it would take a fair bit of time to exploit your system given that the hacker would have to develop a new exploit for the vulnerability before hacking your system.
 
It says it took a three-man team two weeks to work on this. The actual implementation worked in 5 seconds.....AFTER they lured the MacBook there.

So the moral of the story is, don't be an idiot!

So by "don't be an idiot" you mean don't visit a web site (or perhaps don't use Safari or other WebKit browsers because they're buggered/unsafe?) :rolleyes:

Yes the point is Macs can easily be hacked.

And THAT is something people should be concerned about, rather than the dismissive "it cannot happen to Mac users" attitude that makes 99% of Mac users vulnerable in and of itself.

However, you missed his point. The exploit itself took five seconds, but all the preparations and knowledge behind it took more than five seconds. At minimum it took them 1-2 days of nonstop work.

WTF is the difference how long the exploit took to create? The point is it can be rolled out worldwide now and used in any number of ways to violate Mac computers. Do you think all computer viruses are written in a few minutes time? LOL.

Also, it took a malicious website to crack in. In other words, be a safe user and don't visit dodgy websites. This is true across ALL platforms, including Linux distros.

Dodgy web sites? That could be anything. Web sites can be hacked and invalid code introduced. On Windows, something like AVG + Firefox will at least give you an idea that a site might be "dodgy". But the average Mac user believes his machine to be invulnerable, doesn't worry about web sites, and doesn't have the tools available to figure out what is "dodgy" and what isn't. Otherwise, you'd better just stick to Amazon.com, Google and eBay and forget about the rest of the Web, since most web sites that aren't trying to sell you something aren't owned by mega-corporations and well-known enough to assume they aren't dodgy until you visit them (at which point it's too late).
 
No, but the remote root has a proof of concept.

The issue is, given that they are public and unpatched, malware devs can use them in exploits in the wild until they are patched.

The remote could be used by itself to create a worm that attacks ports 137-139 and 445. These are the most commonly exploited ports on the internet due to the weakness of the services that listen on these ports in Windows NT based systems.

The local would have to be linked to a remote exploit that did not include privilege escalation, such as a browser exploit.

A win32k.sys local privilege escalation exploit was used in Stuxnet, and this is a common place to find local priv esc exploits. This is because you only need user-level access to manipulate the registry entries that cause kernel components to crash in a manner that allows local privilege escalation.

For example:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=win32k

Good points. Question for me is though, how plausible is something similar on the Mac OS?
 
Provide an example of local privilege escalation being linked with remote arbitrary code execution in the wild in OS X?

But, UAC bypasses are still fairly common.

If you dealt with computer security, you'd know about this - and if you wait for it to happen before thinking about it you're over-late. It's been done in the past, and it will happen again.

Subscribe to a SANS security newsletter, and learn not to think about security reactively. That's the attitude that got Microsoft in trouble in the first place.
 
If you dealt with computer security, you'd know about this - and if you wait for it to happen before thinking about it you're over-late. It's been done in the past, and it will happen again.

Subscribe to a SANS security newsletter, and learn not to think about security reactively. That's the attitude that got Microsoft in trouble in the first place.

You still didn't provide any examples. I was under the impression you're claiming it has happened under OS X, and he was looking for an example. I'm curious as well.
 
Ah, another "have to go to a certain website and click around vulnerability". This isn't a security flaw, this is stupidity of the end user. You can wipe out your HDD if you want to.

To "win" every hack demonstrated that they could A.) write to the drive and B.) execute code (starting an app of their choosing).

Rubbing these two pieces of information together in your mind should produce a lot of smoke in terms of exploitation possibilities. If these, along with the drive-by and/or single-click nature of the exploit itself, don't equal a security flaw in your mind, then you are not qualified to speak to this matter.

I'll say it again: Saying that it took 5 seconds to hack Safari is like saying it took me 60 seconds to write a 20 page paper because that's how long it took to print.

I'm not doubting that Safari has vulnerabilities......I just think it's disingenuous to say it took 5 seconds to hack.

The exploit takes five seconds to work. It doesn't matter to the machine being exploited whether the exploit or exploit chain took two hours, two months or two years to develop. The result is the same.

If I were to take six weeks to build a remote keyless entry system for Toyotas that takes five seconds to work, does it matter to the people whose cars I am accessing that it took me a long time to develop my tool? No. Because each successive car I unlock only takes five seconds.

That the exploit only takes five seconds to work is eminently relevant. An exploit that would, for example, take five minutes to work is inherently less reliable and of less overall value.

Only because no one took the challenge.

I don't see how that's a win for Chrome.

This is a clear win for Chrome.

No one took a shot at Chrome because Chrome is a much more difficult target to hit, for a number of well known, well documented and universally recognized reasons.

The rules were a little different for Chrome than the others, but the reward for successfully attacking Chrome was much higher by more than double the monetary amount. Plus, you'd be the first guy to publicly take down Chrome, which passed Safari in browser market share months ago and is currently the browser setting the security standard for mass market security. The table was slanted in Chrome's favor come contest time, but only two teams were willing to try in the first place.
 
Really. I see posts like this more as blind fanboys putting their heads in the sand and screaming NOT HAPPENING.

How many years in a row is this that OS X is the first to fall?
I will say I am glad Apple is starting to wise up and reach out to devs and groups like this for Lion. It seems Apple has finally figured out that its "security by obscurity" is going to start failing soon, and they are taking what time they have left to really clean things up.
The reason "security by obscurity" is going to start failing is that Apple is becoming more popular, gaining market share, and it knows its iOS is going to start being targeted in larger numbers, which could have a direct effect on OS X being targeted.

You don't know very much about computers and this post makes that obvious.

First, the reason Mac OS goes down first is because it's always tested first. People at Pwn2Own get to keep the machine they crack, so of course they want the Mac.

Second, security through obscurity is a myth. It has to do with Mac OS being built on unix. I'm not even going to bother digging up the countless links that prove this (anyone who is a computer science major like myself can tell you).

Third, this is a white hat event meaning Apple already has the information they need for a fix.

As for the "fanboys" comment I see no fanboys, all I see is people like yourself who don't want to give apple credit where credit is due spreading your ill informed opinions all over the board and calling anyone who disagrees a fanboy.
 
Ah, another "have to go to a certain website and click around vulnerability". This isn't a security flaw, this is stupidity of the end user. You can wipe out your HDD if you want to.

You do all your browsing in Firefox with NoScript enabled, right?
 
The exploit takes five seconds to work. It doesn't matter to the machine being exploited whether the exploit or exploit chain took two hours, two months or two years to develop. The result is the same.

If I were to take six weeks to build a remote keyless entry system for Toyotas that takes five seconds to work, does it matter to the people whose cars I am accessing that it took me a long time to develop my tool? No. Because each successive car I unlock only takes five seconds.

That the exploit only takes five seconds to work is eminently relevant. An exploit that would, for example, take five minutes to work is inherently less reliable and of less overall value.

It does matter. It sensationalizes the headline.


/still unconcerned
 
You don't know very much about computers and this post makes that obvious.

First, the reason Mac OS goes down first is because it's always tested first. People at Pwn2Own get to keep the machine they crack, so of course they want the Mac.

Second, security through obscurity is a myth. It has to do with Mac OS being built on unix. I'm not even going to bother digging up the countless links that prove this (anyone who is a computer science major like myself can tell you).

Third, this is a white hat event meaning Apple already has the information they need for a fix.

As for the "fanboys" comment I see no fanboys, all I see is people like yourself who don't want to give apple credit where credit is due spreading your ill informed opinions all over the board and calling anyone who disagrees a fanboy.

I'm sure anyone in the world would rather hack something easy and just snag the prize money.

It's only "FIRST" to be compromised because they scheduled it first, ahead of Microsoft I.E. and Mozilla Firefox.

If IE is scheduled first, IE will be first to be compromised.

More about their biased event:
http://obamapacman.com/2010/03/pwn2...erence-cansecwest-partly-microsoft-sponsored/

Obama Pacman, eh.
 