Posted on 03/10/2011 1:46:37 PM PST by BobSimons
Apple's OS X is First OS to be Hacked at This Year's Pwn2Own
Charlie Miller lets someone else win a MacBook for a change
The conception that Apple, Inc. computers running OS X are magically more secure than Windows computers was dealt another setback this week. Using a flaw in Apple's pre-installed first-party Safari browser, it took French security pro Chaouki Bekrar merely 5 seconds to hijack the unwitting MacBook at the CanSecWest Conference's pwn2own contest in Vancouver, British Columbia.
On a most basic level the attack exploited Apple's weak memory protections in OS X Snow Leopard. Microsoft, more popular and more commonly attacked, includes two critical types of memory protection -- data execution prevention and robust address space layout optimization (ASLR) -- both of which attempt to prevent memory injection attacks. By contrast, Snow Leopard only supports ASLR and the implementation is badly botched according to hackers.
The attack also exploited poor coding in Apple's branch of WebKit, which features many bugs and security flaws. While Apple's WebKit branch, which powers its Safari browser, shares a certain amount of code with Google's WebKit browser Chrome, Google has added much more robust security layers and is less buggy.
So if Apple computers are less secure than Windows machines, why are Windows machines attacked so much more frequently? Generally, the answer boils down to that there are far fewer Macs and that hackers often have misgivings about mass attacks on Unix-like operating systems (Linux, OS X) as they view it as "attacking their own." Ultimately these two factors combine into a greater barrier -- lack of information.
(Excerpt) Read more at dailytech.com ...
LMAO.. 5 seconds to hack a mac.
ping
Why, that’s impossible. Only Windoze can be hacked. /s
It’s like the “Hack a Shaq”...only computer like...
The title is a little misleading.
A 3-man team worked 2 weeks to reverse engineer Webkit, then discovered an exploit in the way Webkit processes data. Once they had this, they were able to write code to take advantage of this exploit.
So, when the Pwn2own contest started .... hey, first team to crack the Mac - wins the Mac and $15K.
All they had to do was pull the trigger.
I don't know anyone who ever thought this "conception" was magic.
And, as Hodar says, the title is phony.
But if Windows security is good enough for you, then have at it. Just count the working exploits out there in the real world for Mac vs. for Windows.
Or so the iTards tell us.
If the fact that MS has more exploits than Apple is good enough for you, then don’t worry about it. Relax.
You are an Apple-hater -- that's okay, not everybody likes Apple.
But are you also really completely ignorant of how these inane hacking contests work? The amount of time it takes to RUN the script is nothing whatsoever compared to the time it takes to try a dozen different tacks, find one that works, and develop it into a successful exploit.
Headlines and articles like this are just stupid. I'm sorry to see such drivel posted on FreeRepublic.
A discussion of the exploit would be interesting.
A bunch of loons crowing about "5 seconds" is just juvenile.
UNIX-based OSes are very difficult to hack. There are no viruses, as that concept doesn’t work in Unix. Without the root passwd there is very little destruction that can take place. Believe me.
> A bunch of loons crowing about "5 seconds" is just juvenile.
The "loons" I'm referring to are the tech whores at DailyTech, not anybody at FR.
But the results show that when somebody puts in the work to enter that undiscovered country, that Macs prove as hackable as Windows computers or more so.
Luring the user to a suspect site in Safari, the VUPEN researcher remotely launched OS X's calculator app and wrote a file to the disc -- essentially paving the way for a full hijack of the machine. This was all done without the browser crashing or showing any irregularities.
He describes, "The victim visits a web page, he gets owned. No other interaction is needed."
The victim would likely think they merely clicked on a bad URL.
That's scary, going to a webpage and getting pwned..
At least Windows users utilize proactive defenses that block bad or otherwise malicious websites..
quit blowing smoke.
>>>>quit blowing smoke.
Physician, heal thyself.
Why can't you even admit when Apple is wrong? Apple had flawed code
So that makes it illegitimate?
The exploit was there and they got in.
But with any Apple issue, it’s everyone's fault but Apple’s.
Apple to some of their users is more beloved than their own country.