Mac Hack Hype

By Space Rogue 1 comment

So by now you have probably heard about the MacBook Pro that was compromised at CanSecWest last Friday. Here is a quick recap if you missed it. A MacBook Pro with all updates applied on a wireless network, if you can break in you win the laptop. Well, after two days no one broke in so the rules where relaxed a little and the MacBooks where allowed to surf to malicious webpages. You can read more details here, here, here, here, here, and probably a few dozen other places.
The hype on this is pretty amazing considering that this really isn’t that big of a hack. This sort of things happens on Windows platforms on a almost daily basis. Yes, its zero day but other than that so what? Lets take a look at the actual exploit, or at least as much as we can piece together from the various ‘news’ outlets. First you need to convince a user to visit your malicious web page with Safari (no mention if Firefox or other browsers are immune) which depending on who you are convincing may or may not be that hard. Then even after you get your code installed installed on the victim your only granted user level access. Your still not root. Granted your a big step closer to getting root but you are still mired in userland.
So yes, this is a valid hole that should be repaired as soon as possible but it doesn’t warrent anywhere near as much press as it has been garnering.

1 Comment

PWN to Own Take 2 at SPACE ROGUE

Feb 2, 2008, 9:48 am

[…] will once again be hosting their popular PWN to OWN contest at this years con. I wrote about last year’s contest that was won after a spl0it was found in Quicktime that allowed the attacker to PWN the […]

Leave a Reply