Woot!? Mac is the 1st to fall?!

 

A team of security researchers from the French pen-testing firm VUPEN successfully exploited a zero-day flaw in Apple’s Safari browser to win this year’s Pwn2Own hacker challenge.

VUPEN co-founder Chaouki Bekrar lured a target MacBook to a specially rigged website and successfully launched a calculator on the compromised machine.

The hijacked machine was running a fully patched version of Mac OS X (64-bit).

more here:
Safari/MacBook first to fall at Pwn2Own 2011
http://www.zdnet.com/blog/security/safarimacbook-first-to-fa...

Let's face it....if you are

Let's face it....if you are connected to the internet, you are vulnerable

--
My Toys: MacBook Pro Unibody, Nuvi 2589

One thing they don't bother to report...

Safari was updated yesterday. They didn't use the new version in this "show".

Wonder why....

--
*Keith* MacBook Pro *wifi iPad(2012) w/BadElf GPS & iPhone6 + Navigon*

Windows users

Windows users get this all of the time. It is not often that this is done to a Mac.

As another user said, as soon as you connect to the internet you can be hacked. I'm a firm believer that no one is safe when connected. Sooner or later your computer will get a virus, a bot or some other kind of spyware loaded. These days users are getting better at not falling for this stuff, but again, sooner or later it will happen.

Apple Fanboy is in the house :-)

kch50428 wrote:

One thing they don't bother to report...

Safari was updated yesterday. They didn't use the new version in this "show".

Wonder why....

The article says it:
The hijacked machine was running a fully patched version of Mac OS X (64-bit).

I am not sure if "fully patched" includes the patches released on March 9. I suppose it does.

"Fully Patched"

Did NOT include the Safari Update released yesterday. The Safari version exploited was 5.0.3 - 5.0.4 is the version released yesterday.

And, this exploit required physical access to the device in order to make the exploit work... It’s a retail exploit, not suited to a real world mass attack.

This kind of thing happens to Windows every day, so no big deal gets made about it... it doesn't happen to Macs with as great a frequency, so tech-geek writers get all wee wee'd up about it and write breathless headlines...

And if you want to call someone who desires a computer & OS that just works without a lot of hassle, yeah, that makes me a fanboy if you want to be one of those kind of people that needs to throw that word around to make yourself feel better... smh.

--
*Keith* MacBook Pro *wifi iPad(2012) w/BadElf GPS & iPhone6 + Navigon*

I stand corrected. Was

I stand corrected. Was looking for info regarding Safari versions and I finally found it. "Fully patched" refers to the OS but doesn't include the latest browser patch.

Apple released Safari 5.0.4 a day ahead of the competition, patching some 60 security holes in the browser. However, this year the rules have been altered: the configuration was frozen a week ago, hence the competition being run against Safari 5.0.3. Under the new rules, pwning (and hence owning) only needs to succeed on the frozen version.

Use Chrome

I'm using Chrome on the Mac and quite happy with it.

I would add the following Chrome extensions to it:
Lastpass
Notscripts
Adblock
Vanilla
Xmarks Bookmarks synch

Then you have a fast, sweet, secure browser on the mac.

--
Nuvi 760 (died 6/2013); Forerunner 305 bike/run; Inreach SE; MotionX Drive (iPhone)

All you can do is....

Keep your anti-virus up to date, don't go to a website you're unsure of and above all be smart. Many people are way too trusting and borderline naive on the internet. Just because you can't see the threat doesn't mean the threat isn't there!

I too

Aero_Jonno wrote:

I'm using Chrome on the Mac and quite happy with it.

I would add the following Chrome extensions to it:
Lastpass
Notscripts
Adblock
Vanilla
Xmarks Bookmarks synch

Then you have a fast, sweet, secure browser on the mac.

Ya, me too. I have used Chrome on Windows and even like it better on my iMac.

--
John_nuvi_

Thanks for the Xmarks

Thanks for the Xmarks suggestion.

I agree

RhythmTip wrote:

Let's face it....if you are connected to the internet, you are vulnerable

I agree - Windows has a wider global user base, especially in business, where more sensitive information is vulnerable - as more Mac OS products cut into that user base, the more vulnerable they will become. Big time hackers don't really care what you have on your home network unless you are well off and have something worth stealing, but the average person is generally safe. Malware, on the other hand, affects everyone, as it is more likely a game for those that put that crap out there.

--
JRoz -- DriveSmart 55 & Traffic

Well, think about this one as well

I'm an Ubuntu user, very happy with it - and yet I'm tied to a MS box for the Lifetime maps...

The good news is, my company provided me with such a machine. So I can update my Garmin, until the day they'll provide us with a Linux-compatible Map updater.

Ah, ya can't win them all.................

--
Ain't nuthin' never just right to do the things you wanna do when you wanna do them, so you best just go ahead and do them anyway ! (Rancid Crabtree, from Pat F McManus fame)

VM it

You can virtualize your Windows machine and tuck it under your Ubuntu machine, then take the Win box and convert it to Ubuntu, so you have two U machines, employer permitting. I run VMWare Fusion on my Mac so I can have a Win 7 machine that will run Quicken for Windows...so far the only Win program I miss in the Mac world. (The Mac version of Quicken is not as complete and capable.)

--
Nuvi 760 (died 6/2013); Forerunner 305 bike/run; Inreach SE; MotionX Drive (iPhone)

true

RhythmTip wrote:

Let's face it....if you are connected to the internet, you are vulnerable

true