Apple's new operating system, Leopard, got hacked in under two minutes today during the second day of a contest, deemed the "Super Bowl of security research" by the victorious hacker, reports various computer news Web sites.
The contest held at the CanSecWest security conference pitted three powerhouse OS' against each other: Apple's Vista versus Microsoft's Vista versus Linux's Ubuntu. The prize for cracking one of the three OSs first, reports PC World, was the defeated computer and a cash prize that would be slashed in half each day. On Wednesday the cash prize amounted to $20,000 but fell to $10,000 on Thursday when no hacker could compromise any of the OSs. During the first day, hack attacks were limited to attacking the computer over the network.
Then, it happened, according to InfoWorld:
[Charlie] Miller, a former National Security Agency employee best known as one of the researchers who first hacked Apple's iPhone last year, didn't take much time. Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.
PC Pro reports that neither Vista or Ubuntu have been hacked successfully yet, although there's one more day for hackers to try.
Miller's successful hack attack does present a problem for Apple, it means his attack exposed a security vulnerability, says InfoWorld.
Miller was quickly given a nondisclosure agreement to sign and he's not allowed to discuss particulars of his bug until the contest's sponsor, TippingPoint, can notify the vendor.
Contest rules state that Miller could only take advantage of software that was pre-installed on the Mac, so the flaw he exploited must have been accessible, or possibly inside, Apple's Safari browser.
By late Thursday, Apple engineers were already working on patching the issue, said Aaron Portnoy, a TippingPoint researcher who is one of the contest's judges.