Safari falls in 10 seconds at hacking contest

 

Gallery

By Stuart Turton

Posted on 19 Mar 2009 at 10:47

A security researcher has won $5,000 by hacking a Mac in under 10 seconds, exploiting a hole in Safari.

Charlie Miller, a security analyst wtih Independent Security Evaluators, was competing in the annual CanSecWest's PWN2OWN contest - which offers cash prizes for the quickest hacks.

The competition allows contestants to provide a URL hosting their exploit. Though Miller was forbidden from revealing the details of his hack for fear it would be replicated, he did reveal that the URL exploited a hole in a fully patched version of Safari allowing him to take control of a full patched MacBook.

The second machine to fall was a Sony laptop running Windows 7, which was exploited through a vulnerability in the recently released Internet Explorer 8.

The contest is organised by TippingPoint, which is offering $5,000 for each new vulnerability found in a browser and $10,000 for each successful exploit in the major smartphones. Details of the exploits are shared with the affected companies.

Miller also won the competition last year after breaking into a MacBook Air in under two minutes, a feat which bagged him $10,000.