Successful Mac exploit:
>>>>>
A Mac gets whacked, a second survives
By Robert Lemos, SecurityFocus
Published Monday 23rd April 2007 10:56 GMT
Shane Macaulay strode into the conference hall at the CanSecWest conference on Friday afternoon, balancing a MacBook Pro on his palm and making a beeline for the table displaying two more of the silver laptops.
The well-known security researcher had just spent the morning testing an exploit designed to take advantage of a vulnerability in Apple's Safari browser. He set down his MacBook, connected to the network and started up a web server from which he would host the attack. A conference staff member entered a URL into the Safari browser running on the target machines and, just like that, Macaulay took control of the machine and became the first winner of the CanSecWest conference's PWN to Own contest.
With the hack, Macaulay laid claim to one of two MacBook Pros offered up as a prize to the anyone who could compromise them. While the flaw required some user interaction, the conference organisers, as well as every security researcher interviewed for this article, ranked the vulnerability as a critical flaw and a real threat.
"This is more realistic," Macaulay said of the exploit. "Everyone is going to be behind a router, so you are not going to have a chance to use a fully remote exploit."
The flaw threatens everyone running the Mac OS X, even after applying a patch that Apple released on Thursday.
<<<<<
Rest of the article here: theregister.co.uk
-we- |
