Apple’s Leopard has been hacked within 30 seconds using a flaw in Safari, with rival operating systems Ubuntu and Windows Vista so far remaining impenetrable in the CanSecWest PWN to Own competition.
Security firm Independent Security Evaluators (ISE) — the same company that discovered the first iPhone bug last year — has successfully compromised a fully patched Apple MacBook Air at the CanSecWest competition, winning $10,000 as a result.
Charlie Miller, a principal analyst with ISE, said that it took just 30 seconds and was achieved using a previously unknown flaw in Apple’s Web browser Safari.
Competitors in the hacking race were allowed to choose either a Sony laptop running Ubuntu 7.10, a Fujitsu laptop running Vista Ultimate SP1 or a MacBook Air running OS X 10.5.2.
“We could have chosen any of those three but had to make a judgement call on which would be the easiest and decided it would be Leopard,” Miller said.
“Every time I look for [a flaw in Leopard] I find one. I can’t say the same for Linux or Windows. I found the iPhone bug a year ago and that was a Safari bug as well. I’ve also found other bugs in QuickTime.”