PWN2OWN

Just one more reason the MacBook Air was a miss on the Apple product dartboard:
Many of you remember last year’s CanSecWest conference, where a MacBook Pro was compromised for a $10,000 prize. Well… take that, replace the MacBook Pro with a MacBook Air, and repeat it again for 2008.

We learned in February that this year’s CanSecWest would still involve a Mac, but also a laptop running Vista and some flavor of Linux. That’s exactly how it played out this week in Vancouver when security teams were presented with the three machines for the PWN2OWNcontest. Unfortunately for Mac fanboys, the MacBook Air was the first to go down, thanks to security researcher Charlie Miller. Miller is now the proud owner of $10,000 in cold, hard cash.

Charlie Miller’s name might sounds familiar to you, and that’s because he was among the first to discover an exploit in mobile Safari on the iPhone. According to IDG News Service, Miller took less than two minutes to compromise the MacBook Air. “Within 2 minutes, he directed the contest’s organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on,” wrote IDG.

Part of the rules for the contest were that hackers could only use software that was preinstalled on the machines. DVLabs says that it is privvy to the exploit, and that it was through Safari. The exploit itself, however, is not being revealed for now in order to give Apple time to patch it (DVLabs says that the vulnerability has been “responsibly disclosed” to the company and that Apple is already working on it).

Popularity: 5% [?]