Mac OS X Hacked in 30 Mins?
CNet is reporting on a competition set up by a Sweden-based Mac site called "rm-my-mac".
The competition set up a Mac mini as a server and invited hackers to break in and gain root control. The winner, identified as "Gwerdna", claims that he exploited a "vulnerability that has not yet been made public or patched by Apple Computer."
Arstechnica explores the exploit a little further and reveals that the competition was a bit unusual in that it didn't represent an entirely remote exploit:
The web site author had enabled SSH [ ... ] and added a web-based interface so that visitors to the site could add their own shell accounts to the system. These shell accounts were given limited user access, so in theory they should not have been able to access or modify any files that were owned by the system or by other accounts. The hacker used a vulnerability in OS X to promote the privileges of this account, thus "gaining root" and becoming able to modify any file on the computer at will.
The University of Wisconsin has posted a rebuttal challenge due to the "woefully misleading" coverage.
...this machine was not hacked from the outside just by being on the Internet. It was hacked from within, by someone who was allowed to have a local account on the box.
While this means your Mac OS X machine is still generally safe when connected to the internet, it shows you do need to be careful in providing accounts to individuals you do not trust.
Popular Stories
An iPhone 17 announcement is a dead cert for September 2025 – Apple has already sent out invites for an "Awe dropping" event on Tuesday, September 9 at the Apple Park campus in Cupertino, California. The timing follows Apple's trend of introducing new iPhone models annually in the fall.
At the event, Apple is expected to unveil its new-generation iPhone 17, an all-new ultra-thin iPhone 17...
Apple today announced its "Awe Dropping" iPhone-centric event, which is set to take place on Tuesday, September 9 at 10:00 a.m. Pacific Time. There are a long list of products that are coming, but we thought we'd pull out five feature highlights to look forward to.
That Super Thin iPhone - Apple's September 9 event will see the unveiling of the first redesigned iPhone we've had in years, ...
Apple's logo for its upcoming September 9 event hints at two rumored iPhone 17 Pro features, including new color options and a vapor chamber cooling system.
Of course, this is all just speculation for fun, as we count down the final days until the event.
New Colors
Last month, Macworld's Filipe Espósito reported that orange and dark blue would be two out of the five color options...
Apple will offer the upcoming iPhone 17 Pro and iPhone 17 Pro Max in a new orange color, according to Bloomberg's Mark Gurman.
Gurman made the claim in the latest edition of his Power On newsletter, adding that the new iPhone 17 Air – replacing the iPhone 16 Plus – will come in a new light blue color.
We've heard multiple rumors about a new iPhone 17 Pro color being a shade of orange. The ...
Apple's cases for the iPhone 17 lineup will be accompanied by a new Crossbody Strap accessory with a unique magnetic design, according to the leaker known as "Majin Bu."
Apple's Crossbody Strap reportedly features an unusual magnetic design; it likely has a "flexible metal core" that makes it magnetic along its entire length. At the ends, "rings polarized oppositely to the strap close the...
Apple hasn't updated the AirPods Pro since 2022 other than a shift from Lightning to USB-C, and the earbuds are due for a refresh. According to Bloomberg's Mark Gurman, Apple will launch AirPods Pro 3 later this year, and apart from new features like heart rate monitoring, we're also expecting a few design changes.
The fourth‑generation AirPods offer useful clues to Apple's design cues for ...
