Tuesday, April 24, 2007

Hacker cracks Mac OS security

A HACKER has won a US$10,000 (A$12,000) prize at the CanSecWest security conference in Vancouver after managing to break into a Macintosh computer running OS X.

Conference organisers said they had set up the contest to highlight potential risks of the Mac systems.

The competition had originally been planned as a challenge just for CanSecWest attendees through its onsite wireless network. But when 3Com subsidiary TippingPoint stumped up the cash prize, they decided to put the two target machines online and open the contest to everyone.

Few details of the hack have been released, and the hacker/prize-winner has not been named, although it is understood they are not at the conference.

“One OSX box has been owned! At this point all we can say is there is an exploitable flaw in Safari which can be triggered within a malicious web page,” according to the CanSecWest web site.

“Of course all of the latest security patches have been applied. Technical details will be forthcoming as the winner works out the release. There is still one more Mac to go (the same flaw cannot be used again, but other Safari bugs are allowed),” it said.

“Just to review the rules, the first box required a flaw that allows the attacker to get a shell with user level privileges. The second box, still up for grabs, requires the same, plus the attacker needs to get root.”

Apple released a security patch late last Thursday (soon after the conference began) for 25 vulnerabilities, which attendees thought might be more than a coincidence.
