OS X First OS to be Hacked in PWN 2 OWN Contest

What do you get when you hold a contest and offer up $10,000 and a free laptop to the first person to hack an OS? You get a MacBook Air hacked in two minutes flat. Yesterday was day two of the CanSecWest security conference’s PWN 2 OWN hacking contest and Charlie Miller made quick work of Apple’s super-slim notebook. Ok, so maybe Miller really took a day and two minutes, but he still landed himself a sweet prize thanks to some solid hackery. The OSes involved? Mac OS X, Windows Vista and Linux. Day one of the competition was very uneventful. The rules stipulated that on day one of the competition, contestants were only permitted to attempt attacks over the network. On day two things turned around when contests were allowed to instruct contest organizers to visit a web page or open an email. Within two minutes Miller had prepared his exploit code and instructed organizers to visit a web site. Game over. Miller had seized control of the MacBook Air and landed himself a nice prize, seemingly using a hole in Safari as contestants were only permitted to take advantage of preinstalled software. Interestingly, no contestant was able to get into the Vista or Linux boxes during all of Wednesday or Thursday. Today, the last day of the competition, hackers will be permitted to exploit thrid-party applications installed on the computers. TippingPoint’s Manager of Security Response Terri Forslof, predicts that contestants will make quick work of the systems today as a result.

Read