IT Knowledge Exchange

Register

Forgot Password

Site FAQ

Advertisement

Home > IT Blogs > Security Bytes > New Apple Air notebook vaporized in PWN2OWN contest

» VIEW ALL POSTS Mar 28 2008 11:24AM GMT

New Apple Air notebook vaporized in PWN2OWN contest

Posted by: Dennis Fisher

Application Security, Information Security Threats

Apple is claiming that it’s new Air is the world’s thinnest notebook PC. Luckily, it didn’t make any claims about the new machine’s security, because it only took Charlie Miller of Independent Security Evaluators a few minutes on Thursday to gain control of a new Air in the annual Pwn2Own hacking contest at CanSecWest. Miller was able to exploit an unpatched vulnerability in Apple’s Safari browser to compromise the notebook, winning himself a $10,000 prize, as well as the Air itself. Not a bad haul for a few minutes of work.

This year’s contest is a bit different from last year’s edition, in that there are three separate machines up for grabs. In addition to the Air, TippingPoint, which sponsors the contest, put up two other machines, one each running Vista and Ubuntu. After Miller cracked the laptop, he turned over details of the attack to TippingPoint, which disclosed it to Apple.

Comment

RSS Feed

Comment on this Post

You must be logged-in to post a comment. Log-in/Register

Quinn Taylor | Apr 17 2008 1:57PM GMT

“A few minutes of work” is quite the overstatement. While an exploit may run within a few minutes, the preparation behind it is generally not trivial. You might also mention that the exploit came on the second day of the contest, after the rules were relaxed. Or you might not, since it seems there isn’t a great deal of concern for responsible journalism.

It’s easy to write and gloat about successful exploits. However, it may interest you to know that the actual vulnerability was part of the PCRE project <a href="http://pcre.org" title="http://pcre.(" target="_blank">pcre.org</a>) and not Apple-written code. I’m sure they’re miffed that they missed the exploit regardless, but it’s still an interesting detail that nobody has cared to learn or report. Huh.

At any rate, putting “vaporized” in the headline should bring some sensationalism and drive web traffic. Well done you.

Fred Okum | Apr 21 2008 3:36PM GMT

No suprices here given the complete denial of security risks by Apple. We are just waiting for a major virus to target Apple and the class action lawsuit following that. I will have my recording of the Apple store guys saying “Security is not an issue on a Mac” ready to cash in.

Visit Information Security Home | Information Security News | Information Security White Papers | Information Security Videos | Information Security Resources

Ask an IT Question

About the Blogger

Robert Westervelt

Twitter.com/rwestervelt Rob is a news reporter and editor for SearchSecurity.com. Since joining TechTarget in July 2003, Rob has covered SAP, Oracle and the database industry for SearchDatabase.com, SearchSAP.com and SearchOracle.com. Prior to joining TechTarget, Rob was a newspaper reporter for five years at The Day in New London, Conn., where he wrote a variety of crime, general news, government and business stories while covering towns in Southeastern Connecticut. A military veteran, Rob served four years with the U.S. Air Force, U.S. Forces Police in Kaiserslautern Germany. He holds a degree in journalism from the University of Connecticut. READ MORE

>> READ MORE ABOUT THE BLOGGERS

Browse This Blog's Tags

Adobe, Antivirus, antivirus software, Application Security, banking Trojan, botnets, budget, Cisco, CISO, cloud security services, Compliance, Conficker, cross site scripting, Data Breaches and Identity Theft, Data Breaches and Identity Theft, Data leakage, data security, email securit, federal cybersecurity, Firefox security, Identity and access management, Information Security Careers, Information Security Threats, insider threats, Laws, Investigations and Ethics, Microsoft Security, Mozilla security, Network Security, patch management, patching, Phishing, Platform Security, Privacy, ransomeware, risk, Rogue Antivirus, secureworld, Security, security appliance, security budgets, security jobs, Security Management, Security Vendor News, social networking flaws, Twitter security, Uncategorized, web application flaws, Welcome, XSS, zero-day

Security Wire Daily News

brought to you by SearchSecurity.com

Partner Engage 2009: Symantec unveils new programs, incentives for VARs
At the Symantec Partner Engage 2009 channel conference this week, Symantec's new CEO unveiled a new, more channel-friendly vision for the security gia...READ MORE

Microsoft to address flaws in Windows, Office for Mac
Vulnerabilities affecting Windows and Microsoft Office will be updated next week, according to the software giant's advance notification.

Cloud computing data security starts with internal strategy, experts say
EMC's Eric Baize says companies should consider security early and establish trust with the cloud provider. But many factors hinge on an enterprise's ...READ MORE

Expert calls SSL protocol vulnerability a non issue
The researchers who discovered the SSL vulnerability warn that it could have far reaching affects and are working with a consortium of vendors to coor...READ MORE

Two-factor authentication, vigilance foil password theft
Password stealing Trojans, keyloggers and other malware are reaping account credentials by the thousands forcing some to rethink password policies and...READ MORE

Blog Roll

Help

Subscribe to Alerts

RSS feed of Security Bytes

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.

All Rights Reserved, Copyright 1999-2009, TechTarget | Read our Privacy Policy | Site Map

Podcast Powered by podPress (v8.8)