“According to Matasano (home base for security researcher Dino Dai Zovi), the announced-but-unreleased web browser exploit that was used to win the CanSecWest MacBook Pro challenge involves browser support for Java. Turn off Java for Safari (or Firefox, or Camino) and your machine is immune,” Michael Rose reports for TUAW.
Full article here.
“The vulnerability affects Firefox as well as Safari,” Matasano Chargen reports.
Full article here.
[Thanks to MacDailyNews Reader “Adam W.” for the heads up.]
MacDailyNews Take: The story clarifies. As it always seems to do after the damage is done in the media (meanwhile, Mac users continue to surf the Web unaffected). So, that’s some Mac OS X “hack,” huh? Ten grand and a MacBook Pro for that? Pfft. We await InfoWorld’s next hysterical headline regarding this developing story with bated breath.
MacDailyNews Note: To protect yourself from this unreleased-in-the-wild, yet extremely over-publicized scourge, in Safari’s Preferences, uncheck “Enable Java” in the “Security” tab. In Firefox’s Preferences, uncheck “Enable Java” in the “Content” tab.
InfoWorld publishes false report on Apple Mac security – April 21, 2007
CanSecWest’s $10,000 ‘Hack a Mac’ challenge relaxes barriers, finds exploitable hole in Safari – April 20, 2007
Apple MacBooks hold strong, remain unhacked after first day of $10,000 ‘Hack a Mac’ challenge – April 20, 2007
CanSecWest sweetens ‘Hack a Mac’ contest pot to $10,000 – April 20, 2007
CanSecWest to hold ‘PWN to OWN’ contest: pits Apple MacBook Pros vs. hackers – March 26, 2007
Microsoft’s oft-delayed, much-pared-down Windows Vista hacked at Black Hat – August 07, 2006
Microsoft publicity stunt asks hackers to attack Windows Vista – August 04, 2006
Apple Mac remains ‘unhacked’ as University of Wisconsin’s Mac OS X Security Challenge ends – March 08, 2006
Mac OS X ‘unhacked’ over 24 hours and counting in genuine security challenge – March 07, 2006