Mac OS hacked

Vulnerability found in Safari

23 April 2007 13:17 GMT / By Stuart Miles

A pair of software engineers have successfully hacked Apple's OS X operating system.

The competition, overseen by TippingPoint's Zero Day Initiative that was a part of the CanSecWest computer security conference in Vancouver, Canada challenged computer experts to hack two MacBooks connected to a wireless router within 48 hours.

After 24 hours and no success the rules had to be weakened allowing users to put malicious code online and launch attacks on a small flaw in the company's Safari internet browser.

Two hours and 24 minutes later the organisers announced that one of the MacBooks had been breached.

The attack was launched by software engineer Shaun Macaulay, but the strategy he used was devised by Dino Dai Zovi, a professional computer security researcher in New York, who found the vulnerability in Safari and wrote the exploit overnight in about 9 hours, he told CNET News.

According to comments posted on Digg, the pair were able to achieve user-level shell access only, not root level.

Dai Zovi could be rewarded further for his work by claiming a $10,000 bounty on offer for successfully hacking an element of Apple's operating system.