Feeds

Hack-off contestant dubs Apple Safari 'easy pickins'

Pwn2Own's low-hanging fruit

Secure remote control for conventional and virtual desktops

Apple's Safari browser is likely to be compromised multiple times at an annual hacking contest being held later this month because it's "easy pickins as usual," a researcher specializing in Apple security says.

Charlie Miller, the white-hat hacker who successfully felled a MacBook Air at last year's Pwn2Own competition, predicts the Apple browser will be hacked by at least four contestants this time around. That makes it the most vulnerable piece of software at this year's event, according to Miller, who was also among the first to disclose critical iPhone vulnerabilities a few weeks after its release.

Within hours of debut of Safari for Windows in June of 2007, security researchers discovered multiple vulnerabilities that could allow attackers to remotely install malware on the machines of people who used the beta. A co-author of the recently published The Mac Hacker's Handbook, Miller says Safari hasn't made enough progress since then and he cites several reasons why.

For one, the ASLR, or address space layout randomization, protection in Apple's OS X is easily defeated, allowing hackers to overcome a barrier that prevents similar exploits from working on the most recent versions of Windows. What's more, the it-just-works Mac credo increases the number of potential soft spots hackers can target.

"Every feature an application has is another spot a vulnerability may lay," he writes in an email to The Register. "These features are why I like Safari, but, the drawback is it has a large attack surface."

Miller goes on to predict that Google's Android will be successfully pwned by one participant, explaining "Not too tough but no one owns one." Translation: Android's susceptibility to breaches will be slightly offset by its lukewarm reception in the market.

Meanwhile, the iPhone and Symbian devices will survive unscathed thanks to their non-executable heap. Such countermeasures prevent code loaded into a program's heap from executing, making it hard for hackers to exploit the devices maliciously even when software bugs are discovered. Miller also predicts that IE8 and Firefox will also emerge undefeated.

Miller makes no predictions about Google's Chrome, which has also been shown to be susceptible to attack.

This year's event will take place March 18-20 at the CanSecWest security conference in Vancouver. One track will pit hackers against the major browsers, including Safari, Internet Explorer, and Firefox. A second track will test the mettle of major smart phones, including the iPhone, Blackberry, and devices running the Android, Symbian, and Windows Mobile OSes. El Reg will once again provide start-to-finish coverage of the hacking games in all their glory. ®

This article was updated to note that the 2007 debut was for Safari for Windows.

Secure remote control for conventional and virtual desktops

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?