
March 18th, 2009

Pwn2Own 2009: Safari/MacBook falls in seconds

Posted by Ryan Naraine @ 4:05 pm


[ UPDATE: IE 8 and Safari also fall ]

VANCOUVER, BC — Charlie Miller has done it again.  For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple’s Safari browser.

“It took a couple of seconds.  They clicked on the link and I took control of the machine,” Miller said moments after his accomplishment.

The contest kicked off at exactly 3:15 PM and, within seconds, Miller launched his drive-by attack and claimed the $10,000 top prize.  He also got to keep the MacBook machine.

Miller said he came to the CanSecWest security conference with a plan to hack into Safari and had tested the exploit carefully to ensure “it worked the first time.”

TippingPoint’s Zero Day Initiative has acquired the exclusive rights to the vulnerability and will coordinate the disclosure and patch release process with Apple.

Technical details of the vulnerability will not be released until a patch is ready.

Several hackers are currently attempting exploits against Internet Explorer 8 and Firefox but those browsers are still standing.

See the final contest rules here.


Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

