The Inquirer.net

DESPITE THE RABID CLAIMS of Apple fan boys that its software is more secure than anything else on the market, Jobs’ Mob products were the first to be trashed again at a Pwn2Own hacking competition.

In fact flaws in the Iphone OS and zero-day vulnerabilities in Apple’s Safari 4 web browser made a mockery of Apple’s advertising.

Flaws were also found in Mozilla Firefox and Internet Explorer 8 but apparently hackers had some trouble getting around exploitation mitigations in Windows 7, although eventually they did.

Researcher Charlie Miller, principal security analyst at Independent Security Evaluators, quickly exploited a vulnerability in the desktop version of Safari running on Mac OS X. He won $10,000 for the exploit, which was one of 20 zero-day bugs that Apple fanbois deny exist in OS X.

Miller’s exploit opened up a remote shell, which he accessed and was able to run any malicious code he wanted. We guess it just worked!

Miller said discovering the 20 zero-day vulnerabilities took him only three weeks using three computers, so who knows what he would have found if he had kept looking.




  1. qb says:

    No surprise. If you want security run Chrome (or maybe Firefox) on Win7 with no flash. If you really, really want security don’t ever attach your computer to the net.

    Notice they don’t do Linux at Pwn2Own?

  2. Floyd says:

    Allrighty then, what virus scanner DOES protect Macs well?

  3. pedro says:

    Don’t buy this. macs are the safest things on earth. This is just to make you feel bad. Don’t listen to them.

    [Har! - ed.]

  4. ray says:

    Apple fanboys are an interesting bunch. They’ll argue with you till they’re blue about how secure Apple’s products are. And when you show they a pwn2own link, they’ll still downright deny the failure of Apple.

    @#1 – “Notice they don’t do Linux at Pwn2Own?”

    That must be because it’s so cryptic, no one even knows how to use the darn thing. :P

  5. Bernardino says:

    Actually they did Linux and Android, as well.

    Virtually all of the “exploits” were premised on device users clicking into malicious websites – a process which opened the browsers in each device to security holes in the Internet.

    Hard for a lifer to call any of this hacking – much less hacking the devices. Stay off the Web and stay all safe in your rabbit hole – or redo the protocols..

  6. ramuno says:

    All computers online are vulnerable. Apple is easiest because most aren’t using protection.

    Apples cost so much, fewer people have them and the hackers don’t get much bang for their work.

  7. zorkor says:

    MacFags just got slapped in the face…again. Lol!

  8. qb says:

    Nope, no Linux this year (they did Linux in 2008, not sure about 2009). XP, Vista, Win7, and OSX on the desktop. iPhone only phone used even though Android, Symbian, and Blackberries were also available.

  9. Of course, any code has bugs. The trick to writing 100% bug free code is to keep the number of lines at 0.

    Bug free code is bug free precisely because it doesn’t do anything.

    I often refer to programming as a process of enbugging and then debugging.

  10. Oh, BTW, Macs are safer than PCs … primarily because more people own windows boxes and more people hate microsoft, making them much more of a target for hackers.

    On the other hand, in addition to finding more fingers there, I must say that I’ve never heard of microsoft doing a major release of software with few or no new features and just a whole bunch of code tightening.

    Snow Leopard was a great concept in this regard.

  11. yankinwaoz says:

    Thats ’cause they are members of the cult-of-jobs. It is a religion, not a technology. Arguing with them is like arguing with any religious nutter… a total waste of time and energy.

  12. #11 – yankinwaoz,

    Not everyone who prefers mac to pc is cultish about it. I just like the machines better. They’re not perfect, just better. With my work Dell, I get blue screens about once a month; I get hangs where I have to press and hold the power button about once a week. With my mac, I’ve had it for 4 years and probably haven’t had to press and hold the power button more than 8 or 10 times.

  13. Floyd says:

    #4: “That must be because it’s [Linux] so cryptic, no one even knows how to use the darn thing. ”

    Exactly.I know Unix reasonably well, and know that Linux has the same commands as Unix more or less.

    However, when I need to write command line code for Linux or Unix, I usually have to drag out a Unix manual to get the command modifiers right.

  14. Father says:

    You’re welcome hopper.

  15. ethanol says:

    @Misanthropic Scott,

    Welcome back, haven’t seen you in awhile.

  16. Zybch says:

    #10 You’re forgetting win7, but unlike SnowJob it actually made things better and didn’t eat your data during the upgrade.

  17. BigBoyBC says:

    Apple users for years have been lucky, there hasn’t been any real threat to them. But with the passing of time the target on their backs have been getting bigger.

    I think of how many apple users are wide open to attack, just because they are unprepared and inexperenced when it comes to security, it’s scares me…

    I’ve always been a PC guy, but I wouldn’t wish what will eventually come, upon them…

  18. yankinwaoz says:

    #12 Misanthropic Scott
    I did not say all Apple owners are cultist. Nor am I saying Apple has poor products. They have great products.

    I was referring to the fan boys who can’t accept that the product is vulnerable to attack, or might be inferior in any way to anything else.

    I get the sense that you are not one of them and recognize Macs for what they are.. a closed architecture, high price- high quality personal computer platform. Nothing wrong with that.

  19. jobs says:

    It’s hard for us Mac users to understand just how vulnerable we are. Nine years of os x and not one viruses make you lazy. So if ever there is a wide spread malware threat maybe we’ll start to worry or buy a Windows machine to be secure.

  20. Cap'nKangaroo says:

    #19 jobs. And Colonel. Klink was very proud that there was never a successful escape from Starlight 13.

    “I see nothing. I see NOTHING!” said Sargeant Shultz.

  21. ggore says:

    The facts remain, despite this baited story:

    Are there any Mac viruses worth worrying about? NO
    Has there ever been a significant virus attack on Mac? NO
    Is there a Mac virus attack currently going on? NO
    Is there malware worth worrying about for Macs? NO
    Has there ever been a significant malware attack for Macs? NO
    Is there a malware risk right now for Macs? NO
    Do you need to have antivirus, malware, and spyware installed on your Mac before you dare put it onto the internet? NO
    End of subject.

  22. BubbaRay says:

    #21, ggore, do you know why there are no virus attacks on Macs? Hackers just don’t care about such a machine, there are so few there’s no profit or success story in it. Who cares about a Mac or who owns one?

  23. qb says:

    #22 Same with Linux really. Hackers like Miller figure it’s vulnerable as well, but why bother. Windows eventually falls apart or get infected. I keep clean copies around as VM’s and replace it when things go bad.

    I’m thinking simpler, easy to reimage OS’s (obviously you need good data backup) will become more common. People on this blog are probably a little more savvy but the average user doesn’t care much beyond mail, web, some word processing, simple photo management, and music. You really don’t need Windows 7, Snow Leopard or Ubuntu to do that.

  24. madtruckman says:

    these hackers think they are all big and bad, fine. i say if its so friggin’ easy to hack macs, then go for it! hack away! macs are no longer the silent majority anymore so i say let the mac viruses flow! ive been in the school of, with macs, if you get a ‘virus’, you put it on yourself. i say bring it on and let the apple fans tread their way through such ‘viruses’ that these guys who dont leave their mom’s basement except to go get cheetos and some red bull…

  25. ggore says:

    BubbaRay you made my point. There are millions of Mac users out there, look at the stats of increasing market share every quarter for years now, and despite your digs, there are still NO virus or malware worries for Mac users. I am perfectly happy that hackers don’t care about Macs and don’t own one. My life is perfectly wonderful not having to spend money every year on software to keep those worthless people out of my computer. There is nothing good about those people or what they do.

  26. Aj says:

    What annoys me the most is having to disinfect usb drives that come from Mac users. The things are loaded with trojans and malware but since it had no effect on the Mac, they just assumed they didn’t have anything.