
Hacked in Two Minutes

In contest, researcher cracks a Mac with lightning speed using zero-day exploit

After the first day of CanSecWest's "PWN 2 Own" hacking contest, nobody had successfully hacked any of the conference's three target computers. Then, the contest's organizers modified the rules to allow hacks via third-party Websites and email links.

Two minutes after the rule change, Charlie Miller had hacked the target Mac.

Miller collected a $10,000 prize and the new Mac, according to reports from the conference.

Miller, who was one of the first to hack the Apple iPhone last year, hasn't published details of the exploit yet, but he is sharing the flaw with the contest's sponsor, TippingPoint, which will inform Apple.

The rules of the contest state that hackers can only attack software that comes pre-installed with the computer, so the quick attack following the rule change leads most experts to believe that Miller's exploit probably takes place via Apple's Safari browser.

In the contest, hackers were given a previously unreleased, zero-day vulnerability and were allowed to target any of three machines -- each running a different operating system -- with an exploit. Miller was the first to succeed.

— Tim Wilson, Site Editor, Dark Reading
