ITPRO

Printed from www.itpro.co.uk

Register to receive our regular email newsletter at http://www.itpro.co.uk/reg/register.

The newsletter contains links to our latest IT news, product reviews, features and how-to guides, plus special offers and competitions.

Skip to navigation

    MacBook gets hacked in security conference contest

Zero-day vulnerability in Apple Safari allows hacker to gain access to remote shell to MacBook.

By Nik Rawlinson, 23 Apr 2007 at 11:54

A MacBook running a patched up version of OS X was successfully hacked, using an vulnerability in Safari, as part of a Hack a Mac contest.

The vulnerability was exploited at the CanSecWest conference in Vancouver, Canada, by software engineer Shane Macaulay, who won a laptop for his hacking efforts, and security researcher Dino Dai Zovi, who has been credited by Apple in the past for discovering vulnerabilities in its software.

Dai Zovi, who developed the exploit away from the conference and sent it to Macauly who then applied it, will now be submitting his work in an effort to claim the $10,000 bounty on offer for successfully hacking an element of Apple's operating system.

The hacked MacBook was fully updated with the latest version of Mac OS X and all relevant patches, but had no extra security measures in place.

Matasano Security reports that the vulnerability made use of Java, and so could also lay open other browsers on the platform, including Firefox.

Had nobody successful hacked the two MacBooks that acted as test subjects for the contest, they would have been awarded as prizes for the best speakers at the three-day event.

The contest was overseen by TippingPoint's Zero Day Initiative. TippingPoint, a division of 3Com, works to reward the responsible handling of discovered vulnerabilities in systems and software.

Email to a friend

Print this page

Social Bookmark this article: What is this?

Add to: DiggDigg
Add to: Del.icio.usDelicious
Add to: RedditReddit
Add to: StumbleUponStumbleUpon
Add to: SlashdotSlashdot
Add to: GoogleGoogle
Add to: FacebbokFacebook

Be the first to comment on this article

You need to Login or Register to comment.

advertisement

    Latest Server Features

green pound sign

The state of the green IT economy

Will the recession be enough to finally drive the UK to consider green IT?

Read more

 

More Server Features

    Latest Server Reviews

Prism Microsystems EventTracker 6.3

Rating: 4

EventTracker delivers essential log management and analysis but does combining it with systems monitoring, change management and USB access controls complicate things?

Read more

 

More Server Reviews

advertisement

    Latest News Videos in Server

crumpled_tape

Video: How to setup online data backup

Play Video: How to setup online data backup   Play

We show you how to set yourself up with online data backup using popular services such as Carbonite and Mozy.

 

    Blogs

Apple iPhone vulnerability 'as bad as it gets'

Read more

 

    Whitepapers

Want more background on today's hottest IT trends?

Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.

    Register for IT PRO

You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.

Register
Advertisement