In contest, researcher cracks a Mac with lightning speed using zero-day exploit

Dark Reading Staff, Dark Reading

March 28, 2008

1 Min Read

After the first day of CanSecWest's "PWN 2 Own" hacking contest, nobody had successfully hacked any of the conference's three target computers. Then, the contest's organizers modified the rules to allow hacks via third-party Websites and email links.

Two minutes after the rule change, Charlie Miller had hacked the target Mac.

Miller collected a $10,000 prize and the new Mac, according to reports from the conference.

Miller, who was one of the first to hack the Apple iPhone last year, hasn't published details of the exploit yet, but he is sharing the flaw with the contest's sponsor, TippingPoint, which will inform Apple.

The rules of the contest state that hackers can only attack software that comes pre-installed with the computer, so the quick attack following the rule change leads most experts to believe that Miller's exploit probably takes place via Apple's Safari browser.

In the contest, hackers were given a previously unreleased, zero-day vulnerability and were allowed to target any of three machines -- each running a different operating system -- with an exploit. Miller was the first to succeed.

— Tim Wilson, Site Editor, Dark Reading

Read more about:

2008

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights