Mac Hacked!

A security researcher sent instructions to a security engineer on a zero-day vu lnerability in Safari and together worked for 9 hours on an ex ploit to hack into a Macbook at a hack-a-Mac contest the engin eer had joined. Dino Dai Zovi, a security researcher who has found flaws in Ma c software in the past, fed info to Shane Macaulay, a security engineer who had joined the two-day "PWN To Own" Mac-hacking contest at the CanSecWest Security Conference at Vancouver yes terday, to win one of two MacBooks that were being given to the first people wh o can hack into them. The Macs were current and up-to-date with all security pa tches, but had no special security software on them outside of what came with < strong>OS X. On April 20, the second day of the contest, the rules were relaxed after no one was able to do it the day before, and Macaulay was able to hack into one of th e Macbooks using Dai Zovi's help. The hack was accomplished by having a CanSecW est organizer surf to a malicious website using Safari, upon which they used th e zero-day security hole in the browser, a tactic familiar to Windows hackers. Macaulay is now the proud owner of the Macbook he hacked. This comes (coincidentally?) on the heels of the release of the new Security Upd ate from Apple the day before the hack.