
CanSecWest and OS X: Where are our priorities?

Saturday, April 5th, 2008

I’m sure that by now everyone and their grandmother has heard that an ex-NSA employee by the name of Charlie Miller has managed to r00t a MacBook Air after directing the machine to a website with malicious code [1].

OS X security implications aside, my first reaction was not anger or shame; it was puzzlement. I went on searching for a source which would give me more details about the actual hack. I knew that Charlie Miller signed an NDA, promising not to talk about the exploit; but what I needed to know wasn’t necessarily the technical details of the exploit. I simply wanted to know what he did from an onlooker’s point of view. There was reportedly an audience of 20 people, cheering Charlie Miller on [2].

What did Charlie do exactly? Did he just click on a link? Did he click on a link and press to confirm the installation of [something]? Was the MacBook Air logged in and running as an administrator? Does the exploit work on a non-administrative user account, assuming that the user only surfs to the exploiting webpage without clicking anything to confirm the execution of any additional code?

I can only assume that the MacBook Air was indeed logged in as the default administrative account, where the user does have most administrative privileges, but only after confirming his or her administrative actions via a warning dialog box, à la Vista UAC and Ubuntu.

Three operating systems were put to the test; OS X failed first. What would you expect the result of this to be? Would people attempt to figure out what really happened and then quickly distribute information about protecting against the flaw in Safari 3.1? OF COURSE NOT! This OS X hack gives the Apple/Apple user haters an excuse to unleash a torrent of abuse, ridicule, and pompous bragging about their own respective platforms. In return, the Apple “zealots” unleashed their own set of abuses, ranging from profanities to making fun of the form factor of some unfortunate Dell laptop and, of course, bragging about the Apple experience. Go to Technorati right now and search for “CanSecWest Mac” and you’ll see exactly what I’m writing about.

Folks, is this really the best thing to be doing? I know that certain Mac “zealots” tend to be very offensive to many people. I know that Steve Jobs is a bit annoying to some. I know that to some the sight alone of an Apple store causes uncontrollable convulsions and sickness. Does that mean that we should all turn into the Apple “zealots’” counterparts and use their own tactics on them? I hope not.

Now off to find out what I can do right now in order to protect myself…

Note: I’m a very happy Mac user, a recent convert from Windows/Linux.

UPDATE: According to John Gruber of Daring Fireball, “contest-winning exploit took advantage of an overflow bug in the PCRE regex library used by WebKit’s JavaScript engine.” Gruber also stated that this issue has been fixed by WebKit developers. My advice to you is to stop using Safari for the time being and to start using the latest build of WebKit. You can also use Firefox or Camino if you’d like. And most importantly, don’t run as an administrator on your Macs, Windows machines, or Linux machines.


[1], [2] http://security.itworld.com/5013/mac-hacked-first-in-contest-080327/page_1.html