After the famous two minutes it took three security researchers to hack the equally famous Apple MacBook Air, Computerworld reports that another security researcher accomplished a similar feat, this time on a Vista notebook.
The said notebook was running on the Windows Vista Ultimate platform and comes with an installed Flash Player from Adobe. A critical vulnerability in Flash was successfully exploited by Shane Macaulay, a consultant at Security Objectives, enabling him to break into a Fujitsu U810 running Windows Vista Ultimate SP1, and making him the owner of the notebook as well. Macaulay and two other researchers also received a cash reward for this.
This would be the second high-profile hacking in “PWN to OWN” — a challenge that seeks to expose vulnerabilities and bugs in PCs and laptops. The contest offers prizes to researchers who successfully unveiled unknown system and software glitches that may be exploited by malicious users in the future.
The challenge requires the winners to remain silent about their hacking method until after the vendors of affected software have provided the necessary patches and solutions.
If it would be any consolation, no one won the “PWN to OWN” first day challenge, which required that laptops be broken into without user interaction and using only remote code execution. The two successful exploits were done by tricking users and by replicating their behaviors.
Tend Micro advises users to consistently update patches of all applications installed to address known vulnerabilities.