The team took home a $40,000 bounty for their efforts on Safari, as well as a share in a $75,000 prize for co-engineering a zero-day Flash exploit. They say they will donate some of their winnings towards charities representing missing Malaysian Airplane passengers.
The group says that for Safari, it used two different exploit vectors. One vulnerability was a heap overflow in WebKit that enabled arbitrary code execution. The team then used this opening to launch a second exploit that bypassed the application sandbox and ran code with user privileges.
According to Chen, one of the pair who represented the Keen Team at Pwn2Own, the WebKit fix will be easy for Apple, although the sandbox exploit may be harder to resolve.
“I think the Webkit fix will be relatively easy,” Chen said. “The system-level vulnerability is related to how they designed the application; it may be more difficult for them.”
That being said, Chen believes that OS X offers better security than its rival operating systems.
“For Apple, the OS is regarded as very safe and has a very good security architecture,” Chen said. “Even if you have a vulnerability, it’s very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems.”
In a separate interview with CNET, Chen said that despite the locked-down nature of iOS, Apple’s mobile OS is usually easier to target than OS X because Apple implements newer security safeguards more quickly on the desktop platform.
As usual, Apple representatives observed the exploits at the event so fixes for the issues will likely appear bundled into future software updates for iOS and OS X.
Great post.
I’m glad to see Apple and other OS vendors participating in these hacker contests, so that security issues are able to be recognized and handled before they become known to the general public and malicious hackers.
More fantasy hacks. You can hack anything when you have physical access to it. Try it behind a firewall and a secured Mac and I don’t see it happening period.
Going to have to agree with b9bot here. It’s valiant that Apple and other such vendors participate in contests like these to try and iron out any and all security exploits, but how exactly would they perform these exploits in the real world? This isn’t a computer sitting next to them with a crack team of researchers, it’ll be over the internet.
I work in a data centre and anyone who tries to break in and exploit a Windows system gets stopped by simple off the shelf firewalls and they never get any further.
At best I can see these exploits happening via social engineering, but that’s about it.
There are no “fantasy hacks”. Pwn2Own doesn’t work like that. It actually works like real world hacks would, that’s the point.
Hacks are performed via a web page. Hell, the whole event is based around browser attacks. They are done simply by the target device visiting a webpage (of the potential attacker). That’s it.
The security researcher’s job is obviously designing their webpage to exploit a vulnerability in the browser and/or OS and see if they can gain access to the system. There is no “fantasy” stuff.
OS X and iOS ARE among the most secure OSs around, they really are. But they’re not immune to vulnerabilities. Whether they’re prone to being easily exploited or if there are attacks against them taking place in the wild is a whole other thing, but I always find it interesting in a nice way reading through the security content of updates on Apple’s website (http://support.apple.com/kb/HT1222).
Chrome has been updated today, all of Chrome’s exploits have been patched on all platforms within 24 hours.
I wonder how many days it will take Apple.. probably a few days due to their more conservative attitude to updates, and probably (hopefully just) another few due to the latter exploit supposedly requiring more work to fix.
OS X 10.9.3 is coming soon. These security vulnerabilities will be patched. I would still like to see if a virus can be done on OS X. None of these hackers have created a virus.
These drive-by attacks are nice if you’re hanging in the dark corners of the internet, or just GoDaddy, Apple or PayPal hand over your password through a phone call, like decent hackers do it.
Most people could improve their security by simply using strong passwords wherever possible, using a password manager like PasswordVault ( lavasoftware.com ), which has a password generator. The lite edition is free and runs on MacOS and Windows. I wish more people would realize that password managers are the way to go.