MacUser

News, info, and opinion by Mac users, for Mac users.


Security researchers hack Safari in contest

For the second year running, security researcher Charlie Miller has taken home the top prize at security conference CanSecWest in Vancouver, after successfully hacking a MacBook via Safari. Miller exploited a vulnerability in Safari that allowed him to take control of the computer by having the user click on a malicious link.

Miller (pictured) had first crack at the MacBook in the PWN2OWN competition, using a vulnerability that he’d previously discovered and tested on his own to compromise the machine, and the contest was over just moments after it had begun on Wednesday. By doing so, Miller takes home a $5,000 prize and gets to keep the MacBook that he hacked. At the 2008 CanSecWest conference, Miller also won himself a MacBook by hacking Safari, though it wasn’t until the second day of the conference, when the rules were relaxed.

Subsequently, a second hacker by the name of Nils managed to exploit Safari with a different vulnerability, netting himself $5,000 (he managed to snag an additional $10,000 for also hacking Internet Explorer 8 and Firefox).

Besides attacking Safari, Firefox, Internet Explorer 8, and Chrome, contestants also have a shot at compromising a variety of mobile platforms for $10,000 per exploit, including BlackBerry, Android, Nokia/Symbian, Windows Mobile, and the iPhone.

Security company TippingPoint, one of the conference’s sponsors, asks all winners to sign an NDA for the vulnerabilities, then turns the bugs over to the vendors for patching. Plus, as with the computers, the winner gets to keep the hacked device along with a one-year service contract (that’s a great angle: congratulations, you’ve compromised the security of this device; now you get to keep it!).

Thursday is the second day of the competition, in which the rules are opened up to allow exploits via popular technologies such as Flash, Java, .NET, and QuickTime. Day one allowed only exploits via software installed by default with the browsers, though that software does include all the most recent patches.

[Photo credit: TippingPoint DVLabs]
