Mac Security In Spotlight - MacBook Air Hacked, Apple Patch Times

by

A MacBook Air running an up to date installation of Mac OS 10.5 Leopard was the first laptop to fall in last week's CanSecWest PWN2OWN contest, casting the spotlight once again on the Mac's security.

The contest pitted a MacBook Air against a Vista laptop and a Ubuntu Linux laptop, all fully patched. While all 3 laptops did not fall the first day which only allowed attacks against the base OS for a prize of $20,000 (+laptop), the MacBook Air reportedly took only 2 minutes to fall on day 2 when conference rules were relaxed to include all OS-bundled software for a prize of $10,000 (+ laptop).

While details of the exploit are under non-disclosure while Apple works on the issue, the attack was levied against Safari, after the user was directed to a specially crafted website (as allowed by the rules). The exploit has been reported to be an overflow bug in Webkit.

The remaining two laptops survived the rest of the second day, but the Vista laptop fell the following day when Adobe Flash player was installed as the rules were further relaxed to allow for attack of popular 3rd party applications. The Linux laptop was not exploited.

While Apple is aware of and working on the vulnerability, a recent study has claimed that Apple's response time to such 0-day vulnerability patches lags significantly behind that of Microsoft.

The study, conducted by the Swiss Federal Institute of Technology, analyzed 658 vulnerabilities affecting Microsoft products and 738 affecting Apple, all of which were high and medium risk according to the National Vulnerability Database.

"Apple was below 20 [unpatched vulnerabilities at disclosure] consistently before 2005," [said researcher Stefan Frei]. "Since then, they are very often above. So if you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple." [...]

"We think that Apple had fewer vulnerabilities early on, and they were just surprised or not as ready or not as attentive," Frei said. "It looks like Microsoft had good relationships earlier with the security community."

Over the past few years, Microsoft has tried to cultivate a closer relationship with the security community in order to encourage researchers to give it a heads-up about software problems. Apple, however, doesn't appear to have that same sort of engagement yet, and, "based on our findings, this is hurting them," Frei said.

A spot-check of security firm Secunia's statistics show that 6% of 113 bugs found in Apple's Mac OS X operating system from 2003 to 2008 remain unpatched.

Popular Stories

maxresdefault

Where's the New Apple TV?

Monday December 22, 2025 11:30 am PST by
Apple hasn't updated the Apple TV 4K since 2022, and 2025 was supposed to be the year that we got a refresh. There were rumors suggesting Apple would release the new Apple TV before the end of 2025, but it looks like that's not going to happen now. Subscribe to the MacRumors YouTube channel for more videos. Bloomberg's Mark Gurman said several times across 2024 and 2025 that Apple would...
Read Full Article143 comments
top stories 2025 12 20

Top Stories: iOS 26.3 Beta, Major Apple Leaks, and More

Saturday December 20, 2025 6:00 am PST by
You'd think things would be slowing down heading into the holidays, but this week saw a whirlwind of Apple leaks and rumors while Apple started its next cycle of betas following last week's release of iOS 26.2 and related updates. This week also saw the release of a new Apple Music integration with ChatGPT, so read on below for all the details on this week's biggest stories! Top Stories i...
Read Full Article19 comments
iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Features Leaked in New Report, Including Under-Screen Face ID

Tuesday December 16, 2025 8:44 am PST by
Next year's iPhone 18 Pro and iPhone 18 Pro Max will be equipped with under-screen Face ID, and the front camera will be moved to the top-left corner of the screen, according to a new report from The Information's Wayne Ma and Qianer Liu. As a result of these changes, the report said the iPhone 18 Pro models will not have a pill-shaped Dynamic Island cutout at the top of the screen....
Read Full Article63 comments
iOS 26

iOS 26.3 Brings AirPods-Like Pairing to Third-Party Devices in EU Under DMA

Monday December 22, 2025 3:20 pm PST by
The European Commission today praised the interoperability changes that Apple is introducing in iOS 26.3, once again crediting the Digital Markets Act (DMA) with bringing "new opportunities" to European users and developers. The Digital Markets Act requires Apple to provide third-party accessories with the same capabilities and access to device features that Apple's own products get. In iOS...
Read Full Article68 comments
ios 18 security update

Don't Want to Upgrade to iOS 26? Here's How to Stay on iOS 18 [Update: Now Unavailable]

Friday December 19, 2025 10:37 am PST by
Since the beginning of December, Apple has been pushing iPhone users who opted to stay on iOS 18 to install iOS 26 instead. Apple started by making the iOS 18 upgrades less visible, and has now transitioned to making new iOS 18 updates unavailable on any device capable of running iOS 26. If you have an iPhone 11 or later, Apple is no longer offering new versions of iOS 18, even though there...
Read Full Article432 comments
iOS 26

iOS 26.2 Adds These 8 New Features to Your iPhone

Monday December 22, 2025 8:47 am PST by
Earlier this month, Apple released iOS 26.2, following more than a month of beta testing. It is a big update, with many new features and changes for iPhones. iOS 26.2 adds a Liquid Glass slider for the Lock Screen's clock, offline lyrics in Apple Music, and more. Below, we have highlighted a total of eight new features. Liquid Glass Slider on Lock Screen A new slider in the Lock...
Read Full Article
iPhone Chips

Apple Clings to Samsung as RAM Prices Soar

Monday December 22, 2025 6:17 am PST by
Apple is significantly increasing its reliance on Samsung for iPhone memory as component prices surge, according to The Korea Economic Daily. Apple is said to be expanding the share of iPhone memory it sources from Samsung due to rapidly rising memory prices. The shift is expected to result in Samsung supplying roughly 60% to 70% of the low-power DRAM used in the iPhone 17, compared with a...
Read Full Article66 comments
iPhone Fold Vertical Feature

Why Apple's Foldable iPhone May Be Smaller Than Expected

Tuesday December 23, 2025 5:21 am PST by
Apple's first foldable iPhone, rumored for release next year, may turn out to be smaller than most people imagine, if a recent report is anything to go by. According to The Information, the outer display on the book-style device will measure just 5.3 inches – that's smaller than the 5.4-inch screen on the ‌iPhone‌ mini, a line Apple discontinued in 2022 due to poor sales. The report has led ...
Read Full Article151 comments