Macintosh users have the distinction of being the only group of computer users who honestly believe their computers are secure from malware and attacks.
And then every once in a while, someone comes along and blows that belief right out of the water.
At the CanSecWest conference in Vancouver, British Columbia, 18 March, security researcher Charlie Miller exploited a vulnerability in Safari, the default Web browser in Macs, that enabled him to take control of the computer via a malicious link—he just needed a vulnerable user on the other side to click on the link, and bam! He was in.
Miller showed his chops at the conference’s PWN2OWN competition, which he also won last year by exploiting a vulnerability he had already discovered but hadn’t yet alerted Apple about (in truth, all contestants start the competition with knowledge of a vulnerability that they previously discovered—it saves time). As the winner, he takes home £3500 and the machine he successful hacked.
This year’s PWN2OWN competition pitted two machines – a Sony Vaio PC running a prerelease Windows 7 beta with Internet Explorer 8, Firefox and Google’s new Chrome browsers; and a MacBook running Safari and Firefox.
The contest, which was sponsored by TippingPoint, actually helps the vendors by alerting them of vulnerabilities. Winners are asked to sign a confidentiality agreement regarding the vulnerabilities, and TippingPoint then turns over the information to the vendors for patching.
A second security researcher, “Nils,” successfully hacked Internet Explorer 8, performing a download attack to take full control of the Sony Vaio PC. Nils also had successfully hacked Safari shortly after Miller through a separate vulnerability. For both hacks – and one on Firefox through a zero-day flaw – he walked away with £10,500 total.
Security vendor Flashpoint debuts partner programme following $28m funding
Complex buying journeys and sprawling partner networks hampering customer experience, says Accenture
Datacentre provider Cyxtera says launch is “milestone in our go-to-market strategy”
Ensono highlights importance of mainframes still to major industries
Security vendor VASCO looks to replicate UK and German set up across EMEA
Splunk details investment in Partner+ programme at .conf2017