Apple's OS X is First OS to be Hacked at This Year's Pwn2Own

From DailyTech: The conception that Apple, Inc. computers running OS X are magically more secure than Windows computers was dealt another setback this week. Using a flaw in Apple's pre-installed first-party Safari browser, it took French security pro Chaouki Bekrar merely 5 seconds to hijack the unwitting MacBook at the CanSecWest Conference's pwn2own contest in Vancouver, British Columbia.

On a most basic level the attack exploited Apple's weak memory protections in OS X Snow Leopard. Microsoft, more popular and more commonly attacked, includes two critical types of memory protection -- data execution prevention and robust address space layout optimization (ASLR) -- both of which attempt to prevent memory injection attacks. By contrast, Snow Leopard only supports ASLR and the implementation is badly botched according to hackers.

The attack also exploited poor coding in Apple's branch of WebKit, which features many bugs and security flaws. While Apple's WebKit branch, which powers its Safari browser, shares a certain amount of code with Google's WebKit browser Chrome, Google has added much more robust security layers and is less buggy.

So if Apple computers are less secure than Windows machines, why are Windows machines attacked so much more frequently? Generally, the answer boils down to that there's far fewer Macs and that hackers often have misgivings about mass attacks Unix-like operating systems (Linux, OS X) as they view it as "attacking their own." Ultimately these two factors combine into a greater barrier -- lack of information.

Since not many hackers target OS X, those that do have to tread entirely new ground. Take Mr. Bekrar and his team at French security firm VUPEN. He says that the exploit was "relatively difficult" due to lack of documentation in the security/hacking community on OS X. He states in a ZDNet interview, "We had to do everything from scratch. We had to create a debugging tool, create the shellcode and create the ROP (return oriented programming) technique. The main difficulty was doing this on our own, without the help of any documentation."

View: Article @ Source Site