Apple's Leopard hacked in 30 seconds - Security - News - ZDNet Australia

Apple's Leopard has been hacked within 30 seconds using a flaw in Safari, with rival OSes Ubuntu and Vista so far remaining impenetrable in the CanSecWest PWN to OWN competition.

Security firm Independent Security Evaluators (ISE) — the same company that discovered the first iPhone bug last year — successfully compromised a fully patched Apple MacBook Air at the CanSecWest competition, winning them US$10,000.

Although the competition recorded the hack taking eight minutes, Charlie Miller, a principal analyst with ISE, told ZDNet.com.au that it took just 30 seconds and was achieved using a previously unknown flaw in Apple's Web browser Safari.

"It might have taken eight minutes to sit down and open the computer, but when the competition started, 30 seconds later it was over," said Miller.

Apple has been notified of the flaw, according to TippingPoint, the intrusion detection company that offers the prize money.

Competitors in the hacking race were allowed to choose either a Sony laptop running Ubuntu 7.10, a Fujitsu laptop running Vista Ultimate SP1 or a MacBook Air running OSX 10.5.2.

"We could have chosen any of those three but had to make a judgment call on which would be the easiest and decided it would be Leopard," Miller said.

"Every time I look for [a flaw in Leopard] I find one. I can't say the same for Linux or Windows. I found the iPhone bug a year ago and that was a Safari bug as well. I've also found other bugs in Quicktime."

When the three decided to enter the competition a few weeks ago, they began looking for a bug and then spent time refining the attack to ensure it worked well on competition day.

The technique used to pwn the MacBook Air resembled a phishing attack, in which the victim is sent a link and clicks through to a site hosting malicious code, Miller said.

"Basically you type in something to the Web browser and go to a Web site that is controlled. In real life, you would get a link in an e-mail and if you clicked on it, that would be the same thing," he said.

But hacking Leopard was not meant as an attack on Apple, according to Miller: "I use a MacBook all the time and that's what I used in the contest to attack the MacBook Air. I like Macs. That's the reason I went for it — it's in my best interest for them to be as secure as possible."
