As Predicted, Safari First to Fall in Pwn2Own Hacking Contest
As Predicted, Safari First to Fall in Pwn2Own Hacking Contest
Posted 03/19/2009 at 7:05am
| by Paul Lilly
18
Comments
Print
It was a year ago that security researcher Charlie Miller walked away with $10,000 for hacking into a MacBook Air with Safari in just two minutes during the annual Pwn2Own competition, and earlier this month Miller predicted Safari would be the first to fall at this year's event. Miller made good on that promise this week by using a prepared exploit to gain full control of the device in about 10 seconds.
"It's not easy, but this worked with one click [from the Safari browser]", Miller said.
Miller had discovered the exploit last year, which allows a remote attacker to take over a machine if a user clicks on a malicious URL. Details of the exploit, which Miller isn't allowed to divulge, will be shared with Apple from contest sponsor TippingPoint so that Apple can develop a patch.
On the same day, a 25-year-old computer science student at the University of Oldenburg in Germany demonstrated exploits in IE8, Safari, and Firefox, earning him a cool $15,000 ($5,000 per exploit), along with getting to keep the Sony Vaio P series notebook he used (Miller pocketed $5,000 and a MacBook Air).
While three major browsers succumbed to hacking attempts on day one, no mobile exploits have yet been successful. Mobile exploits carry the biggest reward for contest participants, with TippingPoint offering $10,000 for each successful exploit in the major smartphones.
More like this
Khaled
March 22, 2009 at 1:54pm
It's funny what windows users assume of mac users. and what mac users assume of windows users.
guess what? both are wrong..
in another note, Apple should hire Miller :/
mojosico
March 19, 2009 at 10:24am
awww poor mac users . allthough they will say it was rigged buy P.C users as a stab to mac . mac users will probly not even admit it happend . cause steve jobs would'nt steer them wrong steve would'nt tell them that mac is better that pc and not mean it . haha oh well i will step off the soapbox now .
comptech08
March 19, 2009 at 10:14am
I would like to get a Mac book air and put vista ultimate 64-bit on it :)
nekollx
March 19, 2009 at 9:18am
jokes aside this is what i find He-larious
"Miller had discovered the exploit last year"
LAST YEAR
12 whole months and Apple never patched it.
Rob86
March 19, 2009 at 9:31am
yeah, you would think that something like this would be top on the fix it list......
nekollx
March 19, 2009 at 9:46am
but that would require Apple to admit their not perfect...
HEAVEN FORBID!
n0ctis
March 19, 2009 at 7:17am
Hahaha
(If the Apple legions weren't so arrogant and 'my shit doesn't stink' all the time, I wouldn't feel like laughing at things like this.)
AntiHero
March 19, 2009 at 7:24am
My fiancee's sister is a mac fanatic....and every time i tell her something is stupid on it, or doesn't work, or i can't fix it because it's ass backwards, me being a linux person myself, she after 2 hours of convincing and 3 references, thinks it's totally linux, which it's not really. I laugh at her now, after everyone who advocates Apple computers says "we can't get viruses or be hacked, like windows or linux can" No operating system can be hacked easier than Apple as this shows. Linux has a root password (which unless you're retarded, can't be gotten into) and Windows is fairly safe in my experiences. Apple users heed this warning, you're more vulnerable than us because the world knows you don't know what the hell is up when it comes to computers, hence why you own a Mac.
majorsuave
March 19, 2009 at 8:50am
We bought a friend of ours a car with a single pedal... he loves macs.
nekollx
March 19, 2009 at 12:36pm
It's not a single pedal, it's a multi touch pedle, press on the left side for acelleration, right for break
Connect with MaximumPC
Featured Content
We introduce Intel's latest class of tablet killers and review 4 of the first Ultra...
Where have all the memorable videogame enemies gone?
This month's issue
Feature
11 Hardware Hacks
Feature
Overclock Your CPU
How-To
Supercharge Your Smartphone
Build It
A Powerful $830 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Here's what the @horse_ebooks bookmarklet (http://t.co/brE6898A) does to Maximum PC: http://t.co/Y6OhO6zk1 hour 27 min ago
- maximumpc: Microsoft on Patents: Can't We All Just Get Along? http://t.co/g0vginvG3 hours 48 min ago
- maximumpc: Google Drive Cloud Storage: Is Google Preparing To Muscle In On Dropbox? http://t.co/lCWzeYmS4 hours 12 min ago
