Mac OS X Hacked in 30 Mins?
CNet is reporting on a competition set up by a Sweden-based Mac site called "rm-my-mac".
The competition set up a Mac mini as a server and invited hackers to break in and gain root control. The winner, identified as "Gwerdna", claims that he exploited a "vulnerability that has not yet been made public or patched by Apple Computer."
Arstechnica explores the exploit a little further and reveals that the competition was a bit unusual in that it didn't represent an entirely remote exploit:
The web site author had enabled SSH [ ... ] and added a web-based interface so that visitors to the site could add their own shell accounts to the system. These shell accounts were given limited user access, so in theory they should not have been able to access or modify any files that were owned by the system or by other accounts. The hacker used a vulnerability in OS X to promote the privileges of this account, thus "gaining root" and becoming able to modify any file on the computer at will.
The University of Wisconsin has posted a rebuttal challenge due to the "woefully misleading" coverage.
...this machine was not hacked from the outside just by being on the Internet. It was hacked from within, by someone who was allowed to have a local account on the box.
While this means your Mac OS X machine is still generally safe when connected to the internet, it shows you do need to be careful in providing accounts to individuals you do not trust.
Popular Stories
Apple today announced a "special Apple Experience" in New York, London, and Shanghai, taking place on March 4, 2026 at 9:00am ET.
Apple invited select members of the media to the event in three major cities around the world. It is simply described as a "special Apple Experience," and there is no further information about what it may entail. The invitation features a 3D Apple logo design...
Apple is looking for a "breakthrough" with its push into wearable AI devices, including an "AirTag-sized pendant," according to Bloomberg's Mark Gurman.
In a report this week, he said the pendant is reminiscent of the failed Humane AI Pin, but it would be an iPhone accessory rather than a standalone product.
The pendant would feature an "always-on" camera and a microphone for Siri voice...
Back at WWDC 2025, Apple revealed that it was planning to allow CarPlay users to watch video via AirPlay in their vehicles while they are not driving, and the first beta of iOS 26.4 suggests the feature may be nearing availability.
There are several new references to CarPlay video streaming functionality within the iOS 26.4 beta's source code. The feature is not yet visible to users, but...
Apple on Monday invited selected journalists and content creators to a "special Apple Experience" on Wednesday, March 4 in New York, London, and Shanghai.
At an Apple Experience, attendees are typically given the opportunity to try out Apple's latest hardware or software. Following the launch of Apple Creator Studio last month, for example, some content creators attended an Apple Experience...
New trade-in data indicates that Apple's iPhone 17 Pro Max has rapidly become the single most traded-in smartphone.
According to a new report from SellCell, Apple's latest flagship iPhone has quickly risen to the top of the independent trade-in market, accounting for 11.5% of all devices appearing in the top-20 trade-in rankings just months after release. The analysis is based on SellCell...
