Hack a Mac To Own A ProBook and $10,000 USD

I am always up for a good ripping of Apple.

According to their advertisements they are obviously the most secure OS in the world RIGHT????

In January two guys released 1 massive mac bug everyday for the entire month! This became known as the Month of Apple Bugs. Yes many were those critical types that you know, let people take control of your computer.

Then on April 18th a contest was announced by CanSecWest where hackers were told to try to break a Mac Probook with all updates and patches installed. They were given 3 days.

Obviously, it made sense that Apple would release a set of 25 security patches to fix vulnerabilities found in OS X in January on April 19th, one day before the competition began. If they didn't, I'm sure both PC's would have been exploited within the early morning hours on the 20th (say between 12:01AM and 12:10AM Pacific Time both awards would have been given away). OK, it took hackers a day to find new bugs.

First thing day 2 a Safari bug was exploited: the first box required a flaw that allows the attacker to get a shell with user level privilages. The second box, still up for grabs, requires the same, plus the attacker needs to get root.

This hole was a zero day threat. Zero-day attacks can be considered extremely dangerous because they take advantage of computer security holes for which no solution is currently available.

The other box up for grabs has not yet been comprimised, it requires the hacker access the root and I suspect if the hack is zero day, it will not be announced until Apple comes up with a fix.

Over and Out

No comments: