Pwn2Own 2011 Hacking Competition Claims First Victim--Apple OS X

Tweet

Out at this year’s Pwn2Own competition–an annual gathering of computer security specialists from all around the globe–the various operating systems of the world go up against the great minds in computer science to see just how long they can hold out against their concerted efforts. And the first victim of the great hacking train was none other than Apple’s own OS X. But the most eye-catching part is just how long it took to hack that system.

French security specialist Chaouki Bekhar took about as long to hack Apple’s vaunted OS X as some do clipping a fingernail: five seconds.

All Bekhar had to do, according to reports, was use a flaw in Apple’s Safari browser and the next thing you know, he had hijacked that book. The word is that he easily foiled the memory protections in OS X Snow Leopard, and followed that up by taking advantage of some poorly-written code in Apple’s Webkit branch, which in turn powers Safari.

Interestingly, it also shares a substantial bit of code with Chrome–which Google offered a $20,000 bounty to see hacked at the conclave–but since Google beefed up the security on Chrome, the same exploit likely wouldn’t be usable to get in through Chrome.

Of course, at this point, some of you are likely wondering, if it takes less time to hack OS X than it takes the average person to make a sandwich, why on earth isn’t Apple getting hacked like nobody’s business? It’s actually, reportedly, a combination of points, including unwillingness to attack OS X machines for more sentimental reasons (they’re perceived, in the hacker community, as being closely related), and the sheer overall lack of Apple hardware, among others, though the recent influx of Macbook Airs may serve to put those numbers up a bit.

Still though, after that bit of news, it’ll be interesting to see where the rest of Pwn2Own goes from there.