MacBook Air Hacked In Two Minutes12:51 PM EST Fri. Mar. 28, 2008
Mac owners take heed. Your machine may not be as safe as you think it is.
While Microsoft's Windows OS has along been slammed as the hackers dream, it was a MacBook Air that broke down first under the hands of hackers at this year's CanSecWest conference in Vancouver, B.C., according to TippingPoint, the contest's sponsor.
The contest, called Pwn 2 Own, gave hackers three systems, one running Linux, one running Windows Vista and the MacBook Air.
The winner got to take home $10,000 in cold hard cash, and whichever machine he or she compromised. The amount decreased after the first day when all three machines remained un-hacked.
On day two, for $10,000, security researcher Charlie Miller was able to use an exploit in Apple's Safari Web browser to point the MacBook Air to a Web site that loaded malicious code, giving him control of the machine in just two minutes, according to TippingPoint.
Contestants signed NDA agreements with TippingPoint that they would keep the exploits they used under wraps until the vendors could be notified of the vulnerabilities.
The vulnerability has been purchased by the Zero Day Initiative, and has been made known to to Apple, which is now working on the issue, TippingPoint said. "Until Apple releases a patch for this issue, neither we nor the contestants will be giving out any additional information about the vulnerability," TippingPoint said. In addition to the $10,000 cash prize, Miller also gets to keep the MacBook Air.
Last year's contest was also won by an Apple-exploiter, who was able to hack a MacBook Pro in nine hours.