MacBook gets hacked in security conference contest
Zero-day vulnerability in Apple Safari allows hacker to gain access to remote shell to MacBook.
A MacBook running a patched up version of OS X was successfully hacked, using an vulnerability in Safari, as part of a Hack a Mac contest.
The vulnerability was exploited at the CanSecWest conference in Vancouver, Canada, by software engineer Shane Macaulay, who won a laptop for his hacking efforts, and security researcher Dino Dai Zovi, who has been credited by Apple in the past for discovering vulnerabilities in its software.
Dai Zovi, who developed the exploit away from the conference and sent it to Macauly who then applied it, will now be submitting his work in an effort to claim the $10,000 bounty on offer for successfully hacking an element of Apple's operating system.
The hacked MacBook was fully updated with the latest version of Mac OS X and all relevant patches, but had no extra security measures in place.
Matasano Security reports that the vulnerability made use of Java, and so could also lay open other browsers on the platform, including Firefox.
Had nobody successful hacked the two MacBooks that acted as test subjects for the contest, they would have been awarded as prizes for the best speakers at the three-day event.
The contest was overseen by TippingPoint's Zero Day Initiative. TippingPoint, a division of 3Com, works to reward the responsible handling of discovered vulnerabilities in systems and software.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Nik Rawlinson is a journalist with over 20 years of experience writing for and editing some of the UK’s biggest technology magazines. He spent seven years as editor of MacUser magazine and has written for titles as diverse as Good Housekeeping, Men's Fitness, and PC Pro.
Over the years Nik has written numerous reviews and guides for ITPro, particularly on Linux distros, Windows, and other operating systems. His expertise also includes best practices for cloud apps, communications systems, and migrating between software and services.