Apple Inc. (NASDAQ:AAPL) is famed for how secure its operating systems, such as OS X, are, but today a team of Chinese hackers succeeded in penetrating Safari’s defenses. The annual PWN2OWN competition, part of the annual CanSecWest security conference, was the scene of this ominous success, as professional hackers gather to attack current operating systems and tech firm representatives attend to watch the outcome. This year, Safari was one of the tougher nuts to crack, but it did indeed fall victim to one of the two teams that undertook to penetrate its defenses.
Day two of the contest witnessed the fall of Safari at 10 A.M., when Liang Chen and Fang Jiahong of China’s noted hacker group Keen Team smashed their way quickly through Safari’s security and “pwned” Apple’s (AAPL) much vaunted OS X. The browser redeemed itself somewhat by routing a second team of hackers, however, with Team VUPEN conceding defeat at 11 A.M. and withdrawing their attempt to win the second place cash prize available for penetrating Safari’s security layers.
Only one attack succeeded against Safari in total, putting it on an equal footing with Adobe Reader. By contrast, Mozilla Firefox was compromised successfully four times, Microsoft Internet Explorer and Adobe Flash twice each, and Google Chrome 1.6 times. The only system that proved invulnerable to the diligent hackers on both the first and second days of the unusual competition was Oracle Java, which defeated all comers on both days.
The Keen Team, which won $40,000 for their success, reported that a succession of two different hacks were needed to penetrate Safari successfully. The foundation for exploiting the weakness started by overflowing the Webkit, which left the door open for the next maneuver. The pair of hackers then successfully bypassed the sandbox, which gave them the same priveleged access as a legitimate user of the system. Mr. Chen, the team’s spokesperson, noted that iOS is easier to hack than OS X due to Apple’s methods of updating security for each platform.
Mr. Chen praised the toughness of Apple’s security measures, noting that they are better than the competition though not invulnerable. He declared, “Even if you have a vulnerability, it’s very difficult to exploit,” and went on to add, “in general, the security in OS X is higher than other operating systems.” The results were observed by Apple Inc. (AAPL) representatives, who gathered the necessary information to plug the security breaches revealed by the skillful hackers.
Besides helping to make OS X a bit more secure against even topnotch hacking experts, the contest also generated some cash for a good cause. Mr. Chen and Mr. Jiahong opted to donate a portion of their prize to a charity for possibly hijacked Malaysian Airlines Flight 370. This is not the team’s first success against Apple Inc.’s security systems, as they managed to hack iOS 7.0.3 at last year’s conference, leading to additional exploit patches from the Cupertino firm.
