Once again, security researcher Charlie Miller has won a hacker contest, the ConSecWest PWN2OWN Contest, by hacking a Mac in record-breaking speed. This time it took a mere ten seconds for him to gain control of a Mac.
To be fair, Miller used an exploit he had developed based on a flaw he had discovered some time ago. But this contest shows that there are serious flaws that are not resolved in Mac OS X. Miller had full control of the Mac he cracked merely by having the judges open Safari and simply click on a link. This shows that Mac OS X – like Windows – is highly vulnerable to “drive-by attacks” whereby users are enticed to visit web sites that can easily exploit flaws in browsers or plug-ins. Hackers who sit behind such sites can take full control of Macs that are hacked, stealing data, installing software, and much more, without requiring that a user enter a user name and password.
Miller won a $5,000 prize, plus the MacBook that he hacked.