We reported yesterday on the PWN 2 OWN hacking contest held at the CanSecWest security conference, where there was to be a showdown with a MacBook Air facing a Windows computer and a Linux computer. Well, the dust has settled, and the Mac is the winner–well, the loser. The Mac was hacked in a mere two minutes by security researcher Charlie Miller, who directed the organizers to visit a web site which contained his exploit code. To be fair, none of the computers were breached on the first day, when hackers could only access the computers over a network, but once they relaxed the rules to allow the computers to have access to the web or to e-mail, the Mac fell quickly.
According to Macworld reports, “Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible, or possibly inside, Apple’s Safari browser.” But Miller is not allowed to discuss the vulnerability until the contest organizers can notify the vendor. One of the judges said that Apple was already hard at work patching the flaw.
What this points out is that there are people who are aware of serious vulnerabilities in Mac OS X, but who don’t tell Apple right away. Security Researcher Charlie Miller apparently had one up his sleeve, and saved it for the contest, rather than spill the beans to Apple. But if security researchers know of flaws, it’s sure that malicious hackers know of them as well.
The Windows and Linux computers are still waiting to be breached…
