There’s a hacking contest that’s part of CanSecWest going on right now in Vancouver BC and for the second year in a row, a Mac was the first to be hacked. Charlie Miller who is best known for hacking the iPhone, cracked a MacBook Air with nothing but OS X installed in under two minutes by having contest organizers visit a website that contained his exploit code. That code allowed him to take control of the computer and score him the MacBook Air and $10,000. That implies that the hole that he exploited is in the Safari browser, but we won’t know for a while as he has signed a NDA to allow Apple to fix the hole. Last year Shane Macaulay used a Safari hole to score himself a MacBook, so clearly Safari is not as secure as Apple thinks it is. That’s a great reason to switch to FireFox now to protect yourself in the short term (assuming that you don’t already use FireFox) until Apple fixes it. But it really shoots a hole into Apple’s claim that “Apple engineers designed Safari to be secure from day one.” (go to www.apple.com/safari and click Security on the left hand side)
Apple Safari Is Secure…. NOT!
Posted in Commentary, Security with tags Apple, exploit, Hacked, PWNED, Safari on March 28, 2008 by itnerdThere’s a hacking contest that’s part of CanSecWest going on right now in Vancouver BC and for the second year in a row, a Mac was the first to be hacked. Charlie Miller who is best known for hacking the iPhone, cracked a MacBook Air with nothing but OS X installed in under two minutes by having contest organizers visit a website that contained his exploit code. That code allowed him to take control of the computer and score him the MacBook Air and $10,000. That implies that the hole that he exploited is in the Safari browser, but we won’t know for a while as he has signed a NDA to allow Apple to fix the hole. Last year Shane Macaulay used a Safari hole to score himself a MacBook, so clearly Safari is not as secure as Apple thinks it is. That’s a great reason to switch to FireFox now to protect yourself in the short term (assuming that you don’t already use FireFox) until Apple fixes it. But it really shoots a hole into Apple’s claim that “Apple engineers designed Safari to be secure from day one.” (go to www.apple.com/safari and click Security on the left hand side)
Leave a comment »