Leopard falls first in hacking contest

28 Mar 2008

Security researcher takes down Leopard in under two minutes, while Vista and Ubuntu plough on

Leopard has been hacked in under two minutes using a flaw in Safari, while Vista and Ubuntu continue to stand firm.

The competition took place at the CanSecWest security conference in Vancouver, and pitted hackers against three laptops running Vista Ultimate SP1, Leopard OS X 10.5.2 and Ubuntu 7.10 to discover which was the most vulnerable.

A MacBook Air running a fully-patched version of Leopard succumbed in under two minutes, hacked by security researcher Charlie Miller who used a technique similar to a phishing attack, which involved clicking a link to a website containing malicious code, which allowed him to remotely access the machine.

Miller had been working on the exploit in the three weeks following the announcement of the challenge. He previously made a name for himself hacking the iPhone, though the Leopard exploit was far more lucrative bagging him a £5,000 prize from sponsor Tipping Point, who has notified Apple of the flaw.

At the time of writing both Vista and Ubuntu have yet to be compromised.