[Osiris]

Say what you all want, because I know its going to be said, but the MAC is not immune to nothing just like every other OS. AS I and other people have said, why should a hacker waste their time when not that many people use it? What benefit will they get? Well if you had a brand new MAC and $10,000, you get a hacked machine in less than 12 hours on a fully patched machine. So maybe this stroy will lay to rest will all those MAC users who think they are immune and that they are better than the rest.................


A New York-based security researcher spent less than 12 hours to identify and exploit a zero-day vulnerability in Apple's Safari browser that allowed him to remotely gain full user rights to the hacked machine. The feat came during the second and final day of the CanSecWest "pwn-2-own" contest in which participants are able to walk away with a fully-patched MacBook Pro if they are first able to hack it.
The exploit means that Dino Dai Zovi is the rightful owner of the 2.3Ghz 15-inch MacBook Pro and a $10,000 prize offered by Tipping Point, which runs the Zero Day Initiative bug bounty program. More importantly, his work effectively throws cold water on tired claims from Apple and its many lackeys that the Mac is all but immune from the kind of security attacks more regularly perpetrated against Windows-based machines.
document.

Dai Zovi, who is not attending the conference, was recruited on Thursday night by Shane Macaulay, a friend and conference attendee. The ease Dai Zovi found in pwning the machine was all the more remarkable, given an update Apple pushed out yesterday patching 25 Mac security holes. Macaulay described Dai Zovi's vulnerability as a client-side javascript error that executed arbitrary code when Safari visited a booby-trapped website.
The pwn-2-own contest got off to a slow start on Thursday. The rules originally mandated an exploit that required no action on the part of the user. The reward for a successful hack was the machine that had been compromised. Conference attendees were underwhelmed, reasoning a Mac exploit that required no end-user interaction could be sold for upwards of $20,000. Things changed significantly on Day 2.
That's when Tipping Point upped the ante with its promise of a $10,000 bounty. Contest organizers also relaxed the rules so exploits could include malicious websites that attacked Safari. At the time of writing, a second MacBook Pro had successfully withstood attacks

[zmatt]

I think this just goes to show that no OS is secure, its just safer. Alot of Apple fanboys have stated that MacOS is invulnerable for years. I believe it was 1995 when they had a really nasty Mac virus that did a great deal of damage. But i guess ignorance is bliss. its not that they are invulnerable, its just that windows pcs are 80% of the market. I think all well informed mac users know this, its only the "n00bs" who wouldn't get the flux capacitor joke who cause all the trouble.

[Osiris]

Mac Hacked Via Safari Browser

A zero-day vulnerability in Safari allowed two attendees of CanSecWest security conference to walk away with a 17” MacBook and $10,000 prize for exploiting two MacBooks in the Pwn-2-Own contest. Not a bad haul considering it only took the contestants nine hours to come up with a working vulnerability.

Macaulay pwned the Mac by sending it an e-mail that directed a user to a malicious site. Upon visiting the site, the user—a CanSecWest organizer perched on the machine to protect it from physical assault—was infected with malware, without clicking on anything within the site.

[Qiranworms]

The only true type of secure computer is an offline one. Any computer on the internet can be "pwned".

Now, you'll never hear me claim that Mac OS or Linux can't be hacked, but in a way, this whole thing sort of supports the security of one area of Mac OS X:

Quote:

The rules originally mandated an exploit that required no action on the part of the user. The reward for a successful hack was the machine that had been compromised. Conference attendees were underwhelmed, reasoning a Mac exploit that required no end-user interaction could be sold for upwards of $20,000. Things changed significantly on Day 2.
That's when Tipping Point upped the ante with its promise of a $10,000 bounty. Contest organizers also relaxed the rules so exploits could include malicious websites that attacked Safari.

If I understand that corrently, the original rules mandated a remote hack. Apparently nobody was making any progress, and it was determined to be too difficult. It seems the contestants were allowed to enter a URL on the target computer to visit a malicious website which they create and use to take over the machine.

It's not that visiting a site in Safara that can take over your computer isn't a significant security issue (that's obviously the cause of the Windows spyware epidemic). But it is interesting that nobody was able to remotely hack it (which, I'm sure is still possible to do)

By the way, nice post count of eighteen thousand .

[Osiris]

Y thanks

[zmatt]

it might have been to difficult for the allotted time frame. if they really wanted to do it someone will find a way.

[Osiris]

Its weird that most of the MAC guys didnt jump in on this, thats a first.....:rolleyes: