Researchers Exploit Safari Security Hole in Five Seconds at PWN2OWN

114003 cansecwest 2011

ZDNet reports that a MacBook running Safari was the first machine to fall victim to a security exploit in the PWN2OWN hacker challenge at the CanSecWest conference in Vancouver, Canada. French security researchers compromised the MacBook and launched code within five seconds of contacting the machine, winning a $15,000 cash prize and a new 13-inch MacBook Air for their efforts.

VUPEN co-founder Chaouki Bekrar lured a target MacBook to a specially rigged website and successfully launched a calculator on the compromised machine.

The hijacked machine was running a fully patched version of Mac OS X (64-bit).

In an interview with ZDNet, Bekrar said the vulnerability exists in WebKit, the open-source browser rendering engine. A three-man team of researchers spent about two weeks to find the vulnerability (using fuzzers) and writing a reliable exploit.

While Bekrar noted some difficulties in preparing the exploit due to a lack of documentation on how to exploit 64-bit Mac OS X code, his team was ultimately able to bypass several anti-exploit tactics included in Mac OS X to demonstrate how a machine could become comprised simply by visiting a malicious webpage and without crashing the browser.

Macs have become popular targets for researchers seeking to find security holes, with CanSecWest being a major forum for discussion and demonstration of their work. In 2007, the conference sponsored a "Hack a Mac" contest with a $10,000 cash prize, although organizers did have to loosen the contest rules before researchers succeeded in compromising a MacBook.

The following year, a MacBook Air was the first to be compromised at PWN2OWN, falling victim to a exploit initiated through Safari. Apple released a Safari update just a few weeks later to address that issue. And in 2010, noted researcher Charlie Miller used the conference to expose 20 zero-day holes in Mac OS X, claiming that Mac users' infrequent run-ins with hackers have primarily been due to "security by obscurity", with most malicious hackers preferring to attack Windows platforms with substantially larger user bases.

Notably, Apple is said to have reached out to security researchers for the first time with the initial developer build of Mac OS X Lion, inviting them to test out the forthcoming operating system in hopes of finding and patching as many holes as possible before Lion reaches customers' hands later this year. Miller and some other researchers have, however, scaled back their reporting of security flaws to Apple in the face of its refusal to match other companies' offerings of cash rewards for finding such holes.

Popular Stories

iOS 16 4 Web Push

Apple Confirms Governments Using Push Notifications to Surveil Users

Wednesday December 6, 2023 5:06 am PST by
Unidentified governments are surveilling smartphone users by tracking push notifications that move through Google's and Apple's servers, a US senator warned on Wednesday (via Reuters). In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from the tech giants to track smartphones. The traffic flowing from apps that send push notifications...
best buy snowflakes

Best Buy's New Weekend Sale Has Record Low Prices on MacBook Pro and MacBook Air

Friday December 8, 2023 7:37 am PST by
Best Buy's month-long holiday sale continues this weekend with multiple all-time low prices on Apple's line of MacBook Pro and MacBook Air computers. In addition to Apple notebooks, Best Buy's event has discounts sitewide on home appliances, TVs, video games, and more. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive...
iOS 17

iOS 17.2 Will Add These 12 New Features to Your iPhone

Friday December 1, 2023 12:19 pm PST by
iOS 17.2 has been in beta testing for over a month, and it should be released to all users in a few more weeks. The software update includes many new features and changes for iPhones, including the dozen that we have highlighted below. iOS 17.2 is expected to be released to the public in mid-December. To learn about even more features coming in the update, check out our full list. Journal ...
beeper mini

Apple Puts a Stop to Beeper Mini's iMessage for Android Feature

Friday December 8, 2023 2:24 pm PST by
Apple appears to have closed the loophole that Beeper Mini used to bring iMessage to Android, putting a stop to blue bubbles from Android devices. Beeper Mini quit working earlier today, with users receiving "failed to lookup on server: lookup request timed out" error messages. Beeper said on Twitter that it is investigating the issue, but Beeper CEO Eric Migicovsky told TechCrunch that "all ...
apple watch black friday

Apple Watch Ultra 2 Hits New Record Low Price of $699, Alongside Series 9 and SE Sales

Friday December 8, 2023 8:55 am PST by
Amazon has a few big discounts on Apple Watch today, headlined by a new all-time low price on the Apple Watch Ultra 2. Many of these watches can be delivered by Christmas, with delivery dates around the middle of next week for most models. Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site ...
maxresdefault

Review: Two Months With the iPhone 15 Pro Max

Thursday December 7, 2023 12:04 pm PST by
Apple's iPhone 15 lineup came out in September, and while most reviews are done shortly after a new device launches, we like to follow up with a longer term review that gives us an opportunity to provide a deeper dive into what it's like using these phones on a day to day basis for months. Subscribe to the MacRumors YouTube channel for more videos. MacRumors videographer Dan Barbera has been...
iphone se 4 modified flag edges

iPhone SE 4 May Reuse Existing iPhone 14 Battery

Wednesday December 6, 2023 1:17 pm PST by
Recently, MacRumors has received details on the battery currently being tested on the upcoming fourth-generation iPhone SE, and the information corroborates previous findings in relation to the device. The iPhone SE 4, known by its device identifier D59, is expected to use the exact same battery found in the base model iPhone 14. Partially assembled prototypes of the next iPhone SE have been ...
iOS 17

35 Things Your iPhone Can Do in iOS 17.2 Coming Next Week

Wednesday December 6, 2023 5:57 am PST by
Apple made the first beta of iOS 17.2 available to developers in October. Since then we've seen three more betas, and with each iteration Apple continues to add more new features and changes, many of which users have been anticipating for quite a while. Below, we've listed 35 new things that are coming to your iPhone when the finalized version is publicly released in mid-December. 1....