Saturday, March 29, 2008

MacBook Air Owned In 2 Minutes

That's true.
At CanSecWest 2008 conference, security mans have shown how to get into a new MacBook Air through undisclosed Safari Vulnerability. They have won $10.000 for showing that, of course.

Charlie Miller pwns a MacBook Air at CanSecWest. (Credit: TippingPoint)

The Vulnerability has been acquired as a 0Day and then submitted to Apple which is hardly working on. You can track the vulnerability on: Zero Day Initiative upcoming advisories page under ZDI-CAN-303.
The 0day is still secret but it comes out one day after SECUNIA shown two safari vulnerabilities:
1) An error when downloading e.g. a .ZIP file with an overly long filename can be exploited to cause a memory corruption.
Successful exploitation may allow execution of arbitrary code.
2) An error in the handling of windows can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.
I've found a nice Proof Of Concept Here (Hack Your Safari). So maybe the MacBook Air's 0Day could be correlated to these ones? Who knows :) .....
Anyway, that's amazing ! I love this kind of conferences, where you might see the most (lemme say like that) underground side of security. You might also learn a lot and know lots of no famous but extremely good security researchers, moreover It's a perfect place to build good human's links.