Posted by: David Schneier
Application Security, Information Security Threats
Apple is claiming that it’s new Air is the world’s thinnest notebook PC. Luckily, it didn’t make any claims about the new machine’s security, because it only took Charlie Miller of Independent Security Evaluators a few minutes on Thursday to gain control of a new Air in the annual Pwn2Own hacking contest at CanSecWest. Miller was able to exploit an unpatched vulnerability in Apple’s Safari browser to compromise the notebook, winning himself a $10,000 prize, as well as the Air itself. Not a bad haul for a few minutes of work.
This year’s contest is a bit different from last year’s edition, in that there are three separate machines up for grabs. In addition to the Air, TippingPoint, which sponsors the contest, put up two other machines, one each running Vista and Ubuntu. After Miller cracked the laptop, he turned over details of the attack to TippingPoint, which disclosed it to Apple.