Pwn2Own 2009: Safari/MacBook falls in seconds

Discussion in 'OS X and OS X Apps' started by Primo, Mar 19, 2009.

  1. Primo

    Primo Member

    Joined:
    Sep 6, 2006
    Messages:
    156
    Likes Received:
    0
    Here's the article. This was a fully patched Macbook running current software and new security patches. A follow-up article also showed that one security expert managed to hack IE8 and Firefox (using a zero day exploit) on Windows, however it happened later in the day. Here are the results from the event.

    Note that the Safari export works by a person clicking a link, per the rules of the contest no application was downloaded or ran on OS X, just the simple act of clicking a link allows remote control of OS X.

    This is the 3rd year in a row that OS X was the first to fail in security because of Safari exploits. Windows Vista running IE8 and Firefox was only hacked because of an Adobe Flash exploit. Ubuntu remained unscathed...

    Safest route would be to run Firefox on OS X and to NOT run in an Admin account. Interesting isn't it?
     
  2. viral_variance

    Joined:
    Mar 16, 2008
    Messages:
    512
    Likes Received:
    0
    Gender:
    Male
    that's why it always pays to practice OS hardening and best security practices.

    no OS is safe, not even a mac.
     
  3. suavecito

    suavecito PhilMUG Addict Member

    Joined:
    Apr 13, 2005
    Messages:
    4,445
    Likes Received:
    525
    Gender:
    Male
    Location:
    Elm Street
    That's why i have been using Firefox since last year.
     
  4. PaoSison

    PaoSison Member

    Joined:
    Dec 19, 2005
    Messages:
    208
    Likes Received:
    0
    Mac Shot First: 10 Reasons Why CanSecWest Targets Apple

    The article from RoughlyDrafted.com that features backstories and motives on Apple's misrepresentation on their software security.

    Below are a few points:

    1. Exploits discovered for the Mac have little other value outside of contests like CanSecWest.

    2. The CanSecWest contest clearly appears intent to transfer the security focus belaboring Windows to other platforms.

    3. The contest prominently focused attention on the brand name of the MacBook Air

    Continue to read the article for more details...
     
  5. extremeshot

    extremeshot PhilMUG Addict Member

    Joined:
    Nov 22, 2008
    Messages:
    2,349
    Likes Received:
    476
    Location:
    Las Pinas
    Regardless, I still avoid Safari as much as I can. Firefox for me.
     
  6. Salaryman Ryan

    Salaryman Ryan PhilMUG Addict Member

    Joined:
    Oct 18, 2007
    Messages:
    5,894
    Likes Received:
    664
    Gender:
    Male
    Location:
    Tokyo, Manila
    Isn't it contest rules saying that what you hack you get?

    If I was the hacker I would rather have the nicer and more expensive Macbook then the windows/linux laptops ;)
     

Share This Page

  • About PhilMUG

    Since the mid-1990s, PhilMUG (formerly the Philippine Macintosh Users Group) has grown to become not just the Philippines’ but one of the world’s foremost Apple user groups. Our online community brings together thousands of members from the Philippines and around the world for the latest news and discussions covering all Apple products and related hardware and software. Anyone can join PhilMUG, from newbies to experts, subject to our membership rules and guidelines.
  • Like us on Facebook

  • Buy us a beer!

    The staff works very hard to make sure that PhilMUG is running 24/7. Care to buy us a beer or help out with our hosting fees? We'd really appreciate it!

    Donate to us!