"Researcher cracks Mac in 10 seconds"
#11
IronMac wrote:
Wasn't he already sitting on that exploit for a year?

As for the comment about user education...that's laughable. Good luck consoling yourself with that sort of pablum.

Yeah, he was. He knew about the vulnerability at last year's contest but didn't have an exploit ready at the time. And because no one else discovered it, it went unreported for a year. Not sure how to take that, but if a bear craps in the woods and no one is around to smell it, is it a "problem?"

As for user education, I do my part, but I know it's a lot easier to sit back and say it can't be done, which of course helps create its own truth.
Reply
#12
Still, it isn't like the perpetual hole in Windows that allows the installation of viruses and other malware by launching the installer through double-clicking or whatever. With Mac OSX and Linux there is the barrier of the required user intervention of providing their password.

Holes like he used are one-offs and are forever sealable with the next security update.
Reply
#13
One thing I found interesting when reading about all of this yesterday is this concept of "sandboxing" applications such that once you get in (via hack/virus/malware/etc.) you can't automatically get out to the filesystem or rest of the OS to do real harm.

I don't pretend to understand exactly how it works, and maybe it doesn't without serious usability compromises (Windows UAC, anyone?). Miller said Google Chrome works in a sandbox and it was the "most secure" browser as a result. Win7 and IE8 have supposedly moved in that direction as well but then again they fell pretty easily too.
Reply
#14
The second I read about this, I figured I should just have this ready for cut and paste.

"...the under 10 seconds thing was only achieved because Miller simply provided a URL that took the user to the site where the exploit code was hosted. The donkey work had all been done beforehand, in accordance with PWN2OWN rules, which enabled the speed to be achieved.

Miller says that he provided the link, the judges clicked it and he then showed them he had full control of the MacBook concerned.

Windows users need not feel smug, apparently Safari and IE8 on a machine running Windows 7 also fell soon after the winner."

The usual yawn.
Reply
#15
Seems to me that even the best home security set-up is useless if you just open the front door and let someone come in. Isn't that about what this amounts to in the OS arena?
Reply

