The 2010 edition of the well-known Pwn2Own hacking contest has concluded, with Apple products prominent among the early victims along with the iPhone, and Windows 7. The browser that came out unscathed again this year was Googles Chrome browser.
As predicted the previous week by security expert Charlie Miller, Safari was one of the programs that were successfully taken down by hackers during the first day of festivities, along with Firefox and Internet Explorer 8. This essentially proves that, on its own, the Mac platform isn’t any more secure than Windows, which should serve as a wake-up call for Mac users who are still dragging their feet on installing security software for Mac.
What is interesting is the majority of vulnerabilities were brower based attacks where the a maliciously crafted webpage url was the cause for the hack to become a real threat. Javascript malware is a common way for browsers to be compromised being a client side run code, often redirected users to a maliciously crafted webpage where numerous exploits are then tried to take control of the machine. Disabling javascript in your browser is one method suggested by security expert Steve Gibson of GRC.com. Many of the available mac security software available today can successfully block such attacks and keep your machine from being compromised.
One of the rules of the Pwn2Own contest states that hackers must provide the details of any exploits to the developers of the programs being hacked, so expect Apple to address this specific problem within Safari in the near future.
Interestingly, the iPhone was also hacked on the first day, forced remotely to send text messages.
Related posts:
- Pwn2Own 2010: Safari Under Attack
- Apple Suggests Security Software May Increase Mac Security
- Another Security Vulnerability Discovered in Safari
- Two-Year-Old Safari Vulnerability Still Unpatched
- Apples Addresses Security Vulnerabilities on Safari 4.0.5 for Windows and Mac
