Recently, there was a contest where the prize was a fully patched MacBook Pro. The way to win it was to be the first one to hack into it. Well, in under 12 hours, someone was able to uncover a Safari vulnerability that would allow one to gain full user rights on a machine. While the person who found this vulnerability eventually was the MacBook as well as a $10,000 prize, it just goes to show you how quickly one can find a vulnerability in popular software applications if they have the time and dedication.

A New York-based security researcher spent less than 12 hours to identify and exploit a zero-day vulnerability in Apple’s Safari browser that allowed him to remotely gain full user rights to the hacked machine. The feat came during the second and final day of the CanSecWest “pwn-2-own” contest in which participants are able to walk away with a fully-patched MacBook Pro if they are first able to hack it.

The exploit means that Dino Dai Zovi is the rightful owner of the 2.3Ghz 15-inch MacBook Pro and a $10,000 prize offered by Tipping Point, which runs the Zero Day Initiative bug bounty program. More importantly, his work effectively throws cold water on tired claims from Apple and its many lackeys that the Mac is all but immune from the kind of security attacks more regularly perpetrated against Windows-based machines.[more]

Tags: Hackers, Good on the Net