Chinese hacker cracks Safari, wins $40K, praises Apple's security
Posted on 03/15/2014 3:47:15 PM PDT by Swordmaker
Some of his prize money will go to families of the missing Malaysian airline.
[Photo: Keen Team's Chen, right, demonstrating an Adobe Flash exploit]
FORTUNE -- Everybody's Web software got "pwned" at the Pwn2Own hackers conference this week: Apple's (AAPL) Safari, Google's (GOOG) Chrome, Microsoft's (MSFT) Internet Explorer, Mozilla's Firefox and Adobe's (ADBE) Reader and Flash.
Chrome was hacked by a French team from Vupen Security with a use-after-free vulnerability that affects both the WebKit and Blink rendering engines.
Safari was defeated by Liang Chen, one of a pair of Chinese Keen Team hackers, using a heap-overflow-and-sandbox-bypass combination that took three months to perfect. . .
. . . "I think the WebKit fix will be relatively easy," Chen told Mimoso. "The system-level vulnerability is related to how they designed the application; it may be more difficult for them."
(Excerpt) Read more at tech.fortune.cnn.com ...
"For Apple, the OS is regarded as very safe and has a very good security architecture," Chen told ThreatPost's Michael Mimoso. "Even if you have a vulnerability, it's very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems."
If you want on or off the Mac Ping List, Freepmail me.
I'm still allowing Apple to protect me. I NEVER type that password when I see this type of box pop up unexpectedly. Besides, I have nothing of interest to anybody but (possibly) the NSA. They want to know what I say to Aunt Maude...
Amazing. . . I am in error. Safari did not fall first! Internet Explorer fell first this year, garnering $100,000 for the team that exploited it and Windows 8.1!
This article is light on information. It doesn’t say much to get me worried.
Big deal, so he can hack computers........Can he play infield? Ha, thought so.......
I cracked Tic Tac Toe.
Apple was at the conference and will close the vulnerability. . .
“But in general, the security in OS X is higher than other operating systems.”
And what is OS X based on? Unix! Specifically BSD-based Unix. Hah! Eat it Windows!
The thing that kills me is that people are lax at using security precautions. I helped three different individuals with their computers in the last few weeks. All were using the default administrator ID to log in. A couple had no password at all to log in. And so on. All their data in the desktop window, none in separate folders without sharing privileges etc. Companies put a lot of work into security architecture and people don't put it to use.
Consider this sponsored hacking exercise a good thing.