Apple Safari hacked in matter of seconds

Security researchers also take control of Internet Explorer 8 and Firefox in the space of a day for a hacking contest - which Microsoft supports.

A security researcher has hacked into a fully-patched MacBook in seconds by exploiting a security flaw in Apple's Safari browser, according to reports.

Security analyst Charlie Miller won a thousand dollar prize and a new MacBook at Canada's CanSecWest security conference in its Pwn2Own contest, an annual hacking competition pitting researchers against browser technologies.

Ryan Naraine, a security evangelist for Kaspersky, was twittering and blogging from the event.

Naraine said that Miller used a drive-by exploit that he had already tested carefully, after coming to the conference with a plan to hack into the browser.

Miller said: "It took a couple of seconds. They clicked on the link and I took control of the machine."

Miller won the contest last year when he managed to hack another fully patched MacBook, that time "only" in minutes.

Naraine said that TippingPoint's Zero Day Initiative acquired exclusive rights to the vulnerability and would coordinate the disclosure and patch release process with Apple.

Microsoft's new Internet Explorer 8 browser and Mozilla Firefox lasted longer, but were also hacked in the first day of the conference.

A security researcher called "Nils" took full control of a Sony Vaio running Windows 7 using a drive-by download attack. Microsoft's security response team was reported to have witnessed the exploit.

"Nils" was also the second hacker to beat Safari, and also exploited a Firefox zero-day flaw.

Perhaps surprisingly, Microsoft pledged its support to the competition.

Sarah Blankinship, security strategist for Microsoft's Ecostrat team, said in a blog post that good security dictated that you couldn't hide from the truth and every issue was an opportunity to learn and improve.

She said: "We recognise that all vendors' products may be found vulnerable.

"Microsoft welcomes the contest as another opportunity to engage the security community in productive dialogue around responsible disclosure and effective security engineering."

Apple declined to comment, while Mozilla had not responded to our request for comment at time of writing.
