Macaulay, a software engineer, was able to hack into a MacBook through a zero-day security hole in Apple’s Safari browser. The computer was one of two offered as a prize in the “PWN to Own” hack-a-Mac contest at the CanSecWest conference in Vancouver.
Macaulay teamed with Dino Dai Zovi, a security researcher until recently with Matasano Security. Dai Zovi, who has previously been credited by Apple for finding flaws in Mac software, found the Safari vulnerability and wrote the exploit overnight in about 9 hours, he said.
“The vulnerability and the exploit are mine,” Dai Zovi said in a telephone interview from New York. “Shane is my man on the ground.”
Dai Zovi plans to apply for a $10,000 bug bounty TippingPoint announced on Thursday if a previously unknown Apple bug was used. “Shane can have the laptop, I want the money,” Dai Zovi said. TippingPoint runs the Zero Day Initiative bug bounty program.
[CNet]
