Macworld recently came up with a report on a winning hack, which is purported by Shane Macaulay and Dino Dai Zovi for the Hack a Mac contest at CanSecWest in recent week.
The conference and contest came about between April 18-20th in Vancouver, British Columbia:
CanSecWest organizers will set up the MacBooks with their own access point and all security updates installed, but without additional security software or settings. Attendees will be able to connect to the machines via the access point through Ethernet or Wi-Fi, according to the CanSecWest Web site.
As initially designed, the rules and regulations for the hack a mac competition were given respite subsequent to no one had succeeded in the contest on the earlier days. A URL, in the relaxed set of rules, was made available that uncovered Safari to a “specially-crafted Web page” which enabled the hacker to get shell access to the MacBook.
Comeau maintained that the URL opened a blank page but revealed a flaw in input tackling in Safari. An attacker may possibly make use of the flaw in many ways, however Di Zovie utilized it to open a back door that provided him right of entry to everything on the PC. In accordance with Matasano, Apple’s latest Security update does not take in hand this particular problem with Safari.
