It happens the same way it happens in every OS: errors in code, and exploits written to take advantage of the errors. As for your question about Miller starting as admin: he is on another machine and, remotely over the network, takes over the Mac via a Safari exploit. So the question is, after he has remotely taken over the Mac, does he have admin rights there? I haven't seen anything saying either way, only that in his words he has 'taken over the mac'.

On Fri, Mar 20, 2009 at 4:01 PM, Jennifer Hiebert <[email protected]> wrote:

> I'm curious about some of Miller's statements to zdnet afterward (http://blogs.zdnet.com/security/?p=2941, linked at the bottom of the tippingpoint entry), e.g.
>
>> It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.
>>
>> It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it.
>
> Do folks here know, is Miller starting as an admin user, e.g.? [I don't want to start any bonfires; I love my Mac, and don't plan to ditch it, but statements like these make me wonder how it's happening.]
>
> Jennifer Hiebert
>
> On Mar 19, 2009, at 11:44 AM, mike wrote:
>
>> CanSecWest kicked off again..
>>
>> http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits
>>
>> Safari, IE 8 and firefox all taken down easily by the same guy who took Apple down last year. So far chrome is the only left standing, although that seems to be more from lack of trying than anything. They are supposed to take cracks at the mobile market next, that should be more interesting.
>>
>> Mike
>>
>> *************************************************************************
>> ** List info, subscription management, list rules, archives, privacy **
>> ** policy, calmness, a member map, and more at http://www.cguys.org/ **
>> *************************************************************************
