MacBook Pro Hacked at CanSecWest Event
Date: Monday, April 23rd, 2007, 08:26
Category: News
It may not be the news everyone wants to hear where Mac OS X security is concerned, but it’s useful to know either way. One of two “honeypot” (computers which are set up as challenges) MacBook Pro laptops was hacked into at the Canadian CanSecWest security conference.
According to MacNN, a team consisting of Matasano Security researcher Dino Dai Zovi and engineer Shane Macaulay were able to design an exploit for Apple’s Safari web browser and gain user-level access to the Mac OS X operating system. The duo were able to successfully run the hack after contest host eased rules and permitted attendees to attack via code sent through malicious web sites instead of trying to enter through Mac OS X itself.
“At this point all we can say is there is an exploitable flaw in Safari which can be triggered within a malicious web page,” they wrote. “Of course all of the latest security patches have been applied. This one is 0day folks.”
The pair is splitting a prize pack of the MacBook Pro used in the exploit and applying for a US$10,000 prize that’s been offered by TippingPoint’s Zero Day Initiative bug bounty program.
Additional details can be found over at the Apple Core blog.
It may not be the news everyone wants to hear where Mac OS X security is concerned, but it’s useful to know either way. One of two “honeypot” (computers which are set up as challenges) MacBook Pro laptops was hacked into at the Canadian CanSecWest security conference.
According to MacNN, a team consisting of Matasano Security researcher Dino Dai Zovi and engineer Shane Macaulay were able to design an exploit for Apple’s Safari web browser and gain user-level access to the Mac OS X operating system. The duo were able to successfully run the hack after contest host eased rules and permitted attendees to attack via code sent through malicious web sites instead of trying to enter through Mac OS X itself.
“At this point all we can say is there is an exploitable flaw in Safari which can be triggered within a malicious web page,” they wrote. “Of course all of the latest security patches have been applied. This one is 0day folks.”
The pair is splitting a prize pack of the MacBook Pro used in the exploit and applying for a US$10,000 prize that’s been offered by TippingPoint’s Zero Day Initiative bug bounty program.
Additional details can be found over at the Apple Core blog.
Recent Posts
- iPhone 5S component photos leaked, could indicate more colors to choose from
- Rumor: AU Optronics may not be part of next-gen iPad mini screen supply chain
- UPS for iPad app goes live, now available in App Store
- Apple releases MacBook Air Flash Storage Firmware Update 1.0 for mid-2012 MacBook Air notebook
- Apple releases iTunes 11.0.3 update
