Free Republic
General/Chat

Apple's OS X is First OS to be Hacked at This Year's Pwn2Own (Hacked in 5 Seconds)
DailyTech ^ | 3/10/2011

Posted on 03/10/2011 1:46:37 PM PST by BobSimons

Charlie Miller lets someone else win a MacBook for a change

The conception that Apple, Inc. computers running OS X are magically more secure than Windows computers was dealt another setback this week. Using a flaw in Apple's pre-installed first-party Safari browser, it took French security pro Chaouki Bekrar merely 5 seconds to hijack the unwitting MacBook at the CanSecWest Conference's pwn2own contest in Vancouver, British Columbia.

On a most basic level the attack exploited Apple's weak memory protections in OS X Snow Leopard. Microsoft, more popular and more commonly attacked, includes two critical types of memory protection -- data execution prevention and robust address space layout optimization (ASLR) -- both of which attempt to prevent memory injection attacks. By contrast, Snow Leopard only supports ASLR and the implementation is badly botched according to hackers.

The attack also exploited poor coding in Apple's branch of WebKit, which features many bugs and security flaws. While Apple's WebKit branch, which powers its Safari browser, shares a certain amount of code with Google's WebKit browser Chrome, Google has added much more robust security layers and is less buggy.

So if Apple computers are less secure than Windows machines, why are Windows machines attacked so much more frequently? Generally, the answer boils down to that there's far fewer Macs and that hackers often have misgivings about mass attacks on Unix-like operating systems (Linux, OS X) as they view it as "attacking their own." Ultimately these two factors combine into a greater barrier -- lack of information.

(Excerpt) Read more at dailytech.com ...


KEYWORDS: apple; hacked; osx

1 posted on 03/10/2011 1:46:41 PM PST by BobSimons
[ Post Reply | Private Reply | View Replies]

To: BobSimons

LMAO.. 5 seconds to hack a mac.


2 posted on 03/10/2011 1:48:03 PM PST by BobSimons
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

ping


3 posted on 03/10/2011 1:50:57 PM PST by raybbr (People who still support Obama are either a Marxist or a moron.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BobSimons

Why, that’s impossible. Only Windoze can be hacked. /s


4 posted on 03/10/2011 1:53:30 PM PST by reagan_fanatic (A communist is just a liberal in a hurry)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BobSimons

It’s like the “Hack a Shaq”...only computer like...


5 posted on 03/10/2011 1:54:08 PM PST by Fedupwithit ("The welfare of humanity is always the alibi of tyrants" -Albert Camus)
[ Post Reply | Private Reply | To 2 | View Replies]

To: BobSimons

The title is a little misleading.

A 3-man team worked 2 weeks to reverse engineer Webkit, then discovered an exploit in the way Webkit processes data. Once they had this, they were able to write code to take advantage of this exploit.

So, when the Pwn2own contest started .... hey, first team to crack the Mac - wins the Mac and $15K.

All they had to do was pull the trigger.


6 posted on 03/10/2011 1:55:49 PM PST by Hodar (Who needs laws .... when this "feels" so right?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BobSimons
> The conception that Apple, Inc. computers running OS X are magically more secure than Windows computers

I don't know anyone who ever thought this "conception" was magic.

And, as Hodar says, the title is phony.

But if Windows security is good enough for you, then have at it. Just count the working exploits out there in the real world for Mac vs. for Windows.

7 posted on 03/10/2011 2:02:34 PM PST by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: reagan_fanatic
> Why, that’s impossible. Only Windoze can be hacked. /s

Or so the iTards tell us.

8 posted on 03/10/2011 2:06:16 PM PST by Drill Thrawl (I don't prep for the disaster. I prepare for the rebuilding.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Izzy Dunne

If the fact that MS has more exploits than Apple is good enough for you, then don’t worry about it. Relax.


9 posted on 03/10/2011 2:07:14 PM PST by SgtHooper (The last thing I want to do is hurt you. But it's still on the list.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: BobSimons
And how long did they work on the exploit -- developing it, testing it, etc.? Weeks at least.

You are an Apple-hater -- that's okay, not everybody likes Apple.

But are you also really completely ignorant of how these inane hacking contests work? The amount of time it takes to RUN the script is nothing whatsoever compared to the time it takes to try a dozen different tacks, find one that works, and develop it into a successful exploit.

Headlines and articles like this are just stupid. I'm sorry to see such drivel posted on FreeRepublic.

A discussion of the exploit would be interesting.

A bunch of loons crowing about "5 seconds" is just juvenile.

10 posted on 03/10/2011 2:07:15 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BobSimons

UNIX-based OSes are very difficult to hack. There are no viruses, as that concept doesn’t work in Unix. Without the root passwd there is very little destruction that can take place. Believe me.


11 posted on 03/10/2011 2:11:39 PM PST by central_va (I won't be reconstructed, and I do not give a damn.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BobSimons; dayglored
BTW, Bob...

> A bunch of loons crowing about "5 seconds" is just juvenile.

The "loons" I'm referring to are the tech whores at DailyTech, not anybody at FR.

12 posted on 03/10/2011 2:15:58 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 10 | View Replies]

from the article

> But the results show that when somebody puts in the work to enter that undiscovered country, that Macs prove as hackable as Windows computers or more so.
>
> Luring the user to a suspect site in Safari, the VUPEN researcher remotely launched OS X's calculator app and wrote a file to the disc -- essentially paving the way for a full hijack of the machine. This was all done without the browser crashing or showing any irregularities.
>
> He describes, "The victim visits a web page, he gets owned. No other interaction is needed."
>
> The victim would likely think they merely clicked on a bad URL.

That's scary, going to a webpage and getting pwned..
At least Windows users utilize proactive defenses that block bad or otherwise malicious websites..

13 posted on 03/10/2011 2:16:49 PM PST by BobSimons
[ Post Reply | Private Reply | To 11 | View Replies]

To: central_va

quit blowing smoke.


14 posted on 03/10/2011 2:18:08 PM PST by BobSimons
[ Post Reply | Private Reply | To 11 | View Replies]

To: BobSimons

>>>>quit blowing smoke.

Physician, heal thyself.


15 posted on 03/10/2011 2:19:38 PM PST by Keith in Iowa (FR Class of 1998 | TV News is an oxymoron. | MSNBC = Moonbats Spouting Nothing But Crap.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: dayglored
> And how long did they work on the exploit -- developing it, testing it, etc.? Weeks at least.

Why can't you even admit when Apple is wrong? Apple had flawed code

16 posted on 03/10/2011 2:22:02 PM PST by BobSimons
[ Post Reply | Private Reply | To 10 | View Replies]

To: Hodar

So that makes it illegitimate?

The exploit was there and they got in.

But with any Apple issue, it’s everyone's fault but Apple’s.


17 posted on 03/10/2011 2:23:04 PM PST by VanDeKoik (1 million in stimulus dollars paid for this tagline!)
[ Post Reply | Private Reply | To 6 | View Replies]

To: BobSimons
> At least Windows users utilize proactive defenses that block bad or otherwise malicious websites..

Only because Windows users have had to deal with a never-ending stream of such attacks for years. So they are constantly fixing the problems and making it more secure. To compare the two situations it is like saying a house in Queens is more secure than one in Omaha because they have more locks on their doors. The moronic reporter or the unsavvy reader might instantly conclude that if you want to be secure from break-ins all you have to do is move to New York City.
18 posted on 03/10/2011 2:23:20 PM PST by TalonDJ
[ Post Reply | Private Reply | To 13 | View Replies]

To: BobSimons

Apple to some of their users is more beloved than their own country.


19 posted on 03/10/2011 2:24:10 PM PST by VanDeKoik (1 million in stimulus dollars paid for this tagline!)
[ Post Reply | Private Reply | To 16 | View Replies]

To: BobSimons
> Why can't you even admit when Apple is wrong? Apple had flawed code

Of course they had flawed code! So what? Have Macs been getting hacked this way often? No. Have Windows PCs been getting it this way? Yes. That is why they are more secure. Because hackers have been doing this trick or one similar to PCs for YEARS. Now that someone found this hack Apple will fix it. Just like MS fixes ones in their stuff when they are found. Life goes on. No code is perfect. Why do people have to go orgasmic if Apple makes a mistake?
20 posted on 03/10/2011 2:26:54 PM PST by TalonDJ
[ Post Reply | Private Reply | To 16 | View Replies]

To: dayglored
I wonder if they got help from Microsoft? lol

This contest seems to be a bit of a fraud. Any knowledgeable person is keenly aware that the “5 seconds” was just the implementation of an attack that likely took a great deal of time and effort to engineer.

This is proof of nothing.

21 posted on 03/10/2011 2:30:18 PM PST by precisionshootist
[ Post Reply | Private Reply | To 10 | View Replies]

To: central_va
> Believe me.

I believe everyone on this thread.

They are all so smart!

22 posted on 03/10/2011 2:31:39 PM PST by Glenn (iamtheresistance.org)
[ Post Reply | Private Reply | To 11 | View Replies]

To: central_va

The root password is irrelevant if you can just overflow a buffer (or even worse, the runtime stack) and execute malicious code. OSX’s problem is its lack of memory protection, which is fairly common among *nix systems.


23 posted on 03/10/2011 2:32:14 PM PST by Echo4C (We have it in our power to begin the world over again. --Thomas Paine)
[ Post Reply | Private Reply | To 11 | View Replies]

To: TalonDJ
> Have Macs been getting hacked this way often?

Apple gets Pwned and abused every year at this competition.

24 posted on 03/10/2011 2:33:14 PM PST by BobSimons
[ Post Reply | Private Reply | To 20 | View Replies]

To: BobSimons

And in the wild?

I know, I know. Apple is the worst at responding to security risks. Some potential exploits have knowingly been left open for months. Apple will have to learn to be more responsive to such shortcomings. Until then, they have to live with live exploits growing exponentially for a while. From 0.0001% to 0.001% even.


25 posted on 03/10/2011 2:39:13 PM PST by SengirV
[ Post Reply | Private Reply | To 24 | View Replies]

To: BobSimons
If you Own a Mac you now know
what its like to be the Gay, Vocal
and otherwise irritating 5% of Society


26 posted on 03/10/2011 2:41:14 PM PST by BobSimons
[ Post Reply | Private Reply | To 24 | View Replies]

To: BobSimons
> Why can't you even admit when Apple is wrong? Apple had flawed code

Of course they did. No huge body of code is free of flaws. So what? The sky is blue, is that also a revelation?

Your awe at the simplest things makes me wonder if you're new to this topic....

27 posted on 03/10/2011 2:41:41 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 16 | View Replies]

To: BobSimons
Apples to Oranges.

Infographic by Smarter.org

28 posted on 03/10/2011 2:44:44 PM PST by null and void (We are now in day 778 of our national holiday from reality. - tic. tic. tic. It's almost 3 AM)
[ Post Reply | Private Reply | To 1 | View Replies]

To: precisionshootist
> This is proof of nothing.

Except that tech-writers are whores who will do anything to get a headline with "Apple" or "Mac" in it.

29 posted on 03/10/2011 2:46:31 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 21 | View Replies]

To: BobSimons

I love to see the texturbation between fanbois and anti-fanbois alike in these threads. It reminds me why politics sucks, and that the world we live in is 99% opinion, and 1% fact.


30 posted on 03/10/2011 2:52:41 PM PST by Paradox (Matthews has the emotional equilibrium of a pregnant, gambling chihuahua on meth.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Echo4C
> The root password is irrelevant if you can just overflow a buffer (or even worse, the runtime stack) and execute malicious code.

Or? The point of overflowing the buffer IS to get your executable code onto the stack at the right spot.

31 posted on 03/10/2011 3:12:02 PM PST by Darth Reardon (No offense to drunken sailors)
[ Post Reply | Private Reply | To 23 | View Replies]

To: BobSimons

Can this so-called hack be used without “user permission”?

You know, do I have to type in my password for it to work? To the best of my knowledge, all of the previous hacks required the user to type in his/her password after downloading something from an unknown site.

Most of us Mac users do not go to those sites, and you know what I mean, I think.


32 posted on 03/10/2011 3:12:07 PM PST by jacquej
[ Post Reply | Private Reply | To 24 | View Replies]

To: BobSimons

Uh, Bob....

I am a little old lady, happily married for 45 years to the same man, and neither of us are into anything vaguely interesting in the sexual side of things.

Neither of us are particularly vocal either. We just ran our little business successfully for over 40 years on Macs, managing many millions of other people’s money, and never had a down day, computer-wise.

We never needed tech support, never had a crash, never needed overly expensive software, or tech handholding to keep us up and running, no matter what time a client wanted info.

We never could have done this with PCs. We watched many of our fellow small business owners struggle with all the above issues.

That said, PCs are great for the corporate types, who have the big budgets for IT staff, and software techies running around to all the offices.

If this is irritating to you, then I suggest you reconsider the percentage of jobs created by small business owners in our economy. I know we helped lots of people find work in our rather impoverished area.


33 posted on 03/10/2011 3:19:48 PM PST by jacquej
[ Post Reply | Private Reply | To 26 | View Replies]

To: central_va

It is not clear from the article if he got root or not.

But once in with a user shell, he should be able to launch a privilege escalation attack.


34 posted on 03/10/2011 3:26:42 PM PST by proxy_user
[ Post Reply | Private Reply | To 11 | View Replies]

To: proxy_user
> It is not clear from the article if he got root or not. But once in with a user shell, he should be able to launch a privilege escalation attack.

I'm a Mac user and I wish I understood what you just wrote...... it sounds really interesting..... I have no clue what it means.

internet guide

35 posted on 03/10/2011 4:44:43 PM PST by Dick Vomer (democrats are like flies, whatever they don't eat, they sh#t on.)
[ Post Reply | Private Reply | To 34 | View Replies]

To: central_va
> UNIX-based OSes are very difficult to hack. There are no viruses, as that concept doesn’t work in Unix. Without the root passwd there is very little destruction that can take place. Believe me.

Not true. Tom Duff regaled us with his first UNIX virus at a USENIX breakout session in 1988. The basic infection technique is to read the executable header, identifying the starting address for the code segment, save it, add your own code to the end of the code segment, patch the start address to run your "virus" code, then patch a section of your "virus" code to run the original entry point. Your "virus" can then scan all the executables in the current directory and PATH and infect all that you can successfully write. The technique works and spreads like wildfire in an environment with NFS mounted filesystem to "share" the garbage.

36 posted on 03/10/2011 4:47:12 PM PST by Myrddin
[ Post Reply | Private Reply | To 11 | View Replies]

To: central_va
> UNIX-based OSes are very difficult to hack. There are no viruses, as that concept doesn’t work in Unix. Without the root passwd there is very little destruction that can take place. Believe me.

No. Linux/UNIX can be hacked just like any other OS.

A hacker can modify an unprotected executable file, or a kernel load module, or even the disk sectors of an unprotected /dev/sda physical device. It takes only one mistake in securing a single file to blow up Linux completely.

For all the complaints about compatibility in Windows Vista/Win7, it does have extra security against those kinds of errors. x64 device drivers must be digitally signed with a Class 3 VeriSign Authenticode Certificate to load. Mandatory Integrity levels are enforced everywhere: all code runs in separate sandboxes based on the security level (Low, Medium, High, System). This is similar to TCB Orange Book used by the military for mandatory security levels (Unclassified, Secret, Top Secret, etc). Files in the TCB are owned by TrustedInstaller and cannot be modified even by super-users (Administrators).

Linux/UNIX has a ways to go to catch up to Win7 in terms of security.

37 posted on 03/10/2011 5:22:57 PM PST by Gideon7
[ Post Reply | Private Reply | To 11 | View Replies]

To: BobSimons
Photobucket
38 posted on 03/10/2011 8:11:32 PM PST by JRios1968 (Laz would hit it!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: JRios1968

39 posted on 03/10/2011 9:43:18 PM PST by SERE_DOC (My Rice Krispies told me to stay home & clean my weapons!)
[ Post Reply | Private Reply | To 38 | View Replies]

To: BobSimons

Um, what happened to the entry between Linux and Symbian? Are you using MSIE or something?


40 posted on 03/10/2011 10:00:59 PM PST by cynwoody
[ Post Reply | Private Reply | To 26 | View Replies]

To: dayglored
> No huge body of code is free of flaws. So what? The sky is blue, is that also a revelation?

That's certainly true.

But the fact remains, Apple apparently still fails to utilize a basic protective capability built into the processors on which it runs by diligent Intel engineers: data execution prevention. DEP keeps many of those undiscovered flaws from having consequences beyond crashing the application you are using at the time.

41 posted on 03/10/2011 10:12:02 PM PST by cynwoody
[ Post Reply | Private Reply | To 27 | View Replies]

To: Gideon7
> A hacker can modify an unprotected executable file, or a kernel load module, or even the disk sectors of an unprotected /dev/sda physical device. It takes only one mistake in securing a single file to blow up Linux completely.

Spreading false information around pure bs. Without root authority any hacked executable will not have the authority to do any damage. You think you understand Unix but clearly you don't. The Unix OS will control the maliciousness, contain it. It was DESIGNED that way.

> unprotected /dev/sda physical device.

What? How is that going to affect anything but that device? /dev is owned by root.

42 posted on 03/11/2011 3:29:00 AM PST by central_va (I won't be reconstructed, and I do not give a damn.)
[ Post Reply | Private Reply | To 37 | View Replies]

To: Myrddin
> Your "virus" can then scan all the executables in the current directory and PATH and infect all that you can successfully write.

You will do little or no damage to the OS without root privileges.

43 posted on 03/11/2011 3:36:59 AM PST by central_va (I won't be reconstructed, and I do not give a damn.)
[ Post Reply | Private Reply | To 36 | View Replies]

To: VanDeKoik
> But with any Apple issue, it’s everyone's fault but Apple’s.

Never said it wasn't Apple's fault. That is you, projecting on me. I said (please read this slowly, out loud if you have to)

The title is misleading. The Mac was NOT cracked from scratch in 5 seconds. A team of 3 engineers worked 2 weeks to reverse-engineer the Webkit. Then wrote custom software to export various stages the Webkit engine went through, to find an exploit. Then they developed an application, using this (non-exported and typically not available data) exploit to break the flaw.

The title implies that a hacker cracked the Mac in 5 seconds - no mention of the 2 weeks a small team of engineers spent in preparation. The fact is, that the Mac took over 2 weeks to crack.

Bottom line, yes - there is a security flaw in the Mac OS. And I believe that Apple already has a patch released to fix this. This was a nice job by the team - but goes to show you what lengths they had to go to, in order to find this flaw.

44 posted on 03/11/2011 6:32:21 AM PST by Hodar (Who needs laws .... when this "feels" so right?)
[ Post Reply | Private Reply | To 17 | View Replies]

To: central_va
> You will do little or no damage to the OS without root privileges.

Not a problem. I've broken root on an HP workstation in under 5 minutes. There's always another hole. In the case of the HP workstation, the sysadmin had gone on vacation for 3 weeks and left nobody with the root password. I exploited a setuid program that made a "system()" call to manufacture a copy of /bin/sh that was setuid to root. I changed the root passwd, handed that to the designated admin and removed the "hack" tool.

46 posted on 03/11/2011 12:04:38 PM PST by Myrddin
[ Post Reply | Private Reply | To 43 | View Replies]

To: central_va
> Spreading false information around pure bs. Without root authority any hacked executable will not have the authority to do any damage. You think you understand Unix but clearly you don't. The Unix OS will control the maliciousness, contain it. It was DESIGNED that way.

>> unprotected /dev/sda physical device

> What? How is that going to affect anything but that device? /dev is owned by root.

If /dev/sda is inadvertently left writable then a hacker can directly modify the physical disk sectors of the disk. He can inspect the raw inode table to locate and then change the sectors containing /vmlinuz (or any other logical file) and modify said file with impunity, completely bypassing the security model of the file system.

Basically the 'root' security model is like a balloon. The tiniest pin-prick and it pops. The root model is Class D (with ACLs it might be a low C1).

Real security begins with a honeycombed compartmental model - basically sandboxes - so a screwup in one cell doesn't compromise the whole system. For example Internet Explorer runs in the 'Low' sandbox. For even stronger security you impose mandatory identification labels on principals and objects and use a formal methodology. On that score Vista/Win7 is roughly class B1 and is nearly B2. (Class A1 requires a mathematically verified formal design such as the Type Enforcement model.)

I'm formerly the Principal Computer Scientist at Secure Computing Corporation (SCC) where I worked on classified DoD contracts and helped design a more-or-less Class A1 OS (Sidewinder), and later co-designed the first firewall for Microsoft Windows. So I do know a little something about computer security.

The only 'bs' being flung around is coming from you.

47 posted on 03/11/2011 1:24:45 PM PST by Gideon7
[ Post Reply | Private Reply | To 42 | View Replies]
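
A defensive check for the two misconfigurations raised in replies 46 and 47 (a setuid-root program, and a raw disk device left writable), added here as an example and not part of any poster's comment. The `Entry` record, the function names and the sample paths and modes are constructed for illustration.

```python
import os
import stat
from typing import Dict, Iterable, Iterator, List, NamedTuple


class Entry(NamedTuple):
    path: str
    mode: int  # st_mode as returned by os.lstat()
    uid: int   # owning user id


def findings(e: Entry) -> List[str]:
    """Return the reasons, if any, why an admin should look at this entry."""
    out: List[str] = []
    if stat.S_ISBLK(e.mode):
        # Writes to a raw block device skip per-file permission checks,
        # so the device node's own mode is the only gate.
        if e.mode & stat.S_IWOTH:
            out.append("block device writable by everyone")
        if e.uid != 0:
            out.append(f"block device owned by uid {e.uid}, not root")
    elif stat.S_ISREG(e.mode) and e.mode & stat.S_ISUID and e.uid == 0:
        # Mode bits cannot show what the program does; this only builds
        # the inventory of programs that need a manual code review.
        out.append("setuid-root program: review for shell/system() use")
        if e.mode & (stat.S_IWGRP | stat.S_IWOTH):
            out.append("setuid-root program writable by group or other")
    return out


def scan(root: str) -> Iterator[Entry]:
    """Walk a directory tree without following symlinks and yield entries."""
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:  # device nodes are listed with the files
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; nothing to report
            yield Entry(path, st.st_mode, st.st_uid)


def audit(entries: Iterable[Entry]) -> Dict[str, List[str]]:
    """Map each flagged path to its list of findings."""
    report: Dict[str, List[str]] = {}
    for e in entries:
        reasons = findings(e)
        if reasons:
            report[e.path] = reasons
    return report


# Constructed sample: one normal disk, two misconfigured disks,
# one setuid-root helper and one ordinary binary.
SAMPLE = [
    Entry("/dev/sda", stat.S_IFBLK | 0o660, 0),
    Entry("/dev/sdb", stat.S_IFBLK | 0o666, 0),
    Entry("/dev/sdc", stat.S_IFBLK | 0o600, 1000),
    Entry("/usr/local/bin/helper", stat.S_IFREG | 0o4755, 0),
    Entry("/bin/ls", stat.S_IFREG | 0o755, 0),
]

if __name__ == "__main__":
    for path, reasons in audit(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

On a live system, `audit(scan("/dev"))` and `audit(scan("/usr"))` run the same checks against real files.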

To: BobSimons

I missed this year's competition. But I guess this makes 4 years in a row OSX was the first hacked!


48 posted on 05/27/2011 7:52:41 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BobSimons

Too funny!


49 posted on 05/27/2011 8:03:31 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 26 | View Replies]
