Safari zero-day exploit nets $10,000 prize
A New York-based security researcher spent less than 12 hours to identify and exploit a zero-day vulnerability in Apple’s Safari browser that allowed him to remotely gain full user rights to the hacked machine. The feat came during the second and final day of the CanSecWest “pwn-2-own” contest in which participants are able to walk away with a fully-patched MacBook Pro if they are first able to hack it.
The exploit means that Dino Dai Zovi is the rightful owner of the 2.3Ghz 15-inch MacBook Pro and a $10,000 prize offered by Tipping Point, which runs the Zero Day Initiative bug bounty program. More importantly, his work effectively throws cold water on tired claims from Apple and its many lackeys that the Mac is all but immune from the kind of security attacks more regularly perpetrated against Windows-based machines.
Sad. And this comes from a site not exactly known for its Microsoft advocacy.
The idea that hackers have no interest in hacking Macs because it’s so easy to hack Windows (and because there are so many more Windows machines out there) doesn’t hold much water. The only real security Macs have is their obscurity. ANY system can be hacked, given the will and the time.
I’ll stipulate that Microsoft has serious problems that it is only now beginning to address. What’s Apple’s excuse for napping on the Jobs?