Vista Hacked with Adobe Flash Vulnerability
Macaulay, who uses the "K2" hacker moniker, also won the Fujitsu U810 laptop running Windows Vista Ultimate SP1 that he hijacked with the exploit. According to sources at the conference, the Adobe Flash vulnerability is "cross-platform." Details of the vulnerability and the attack vector are now the property of TippingPoint's ZDI (Zero Day Initiative), the sponsor of the CanSecWest Pwn2Own challenge. Officials from ZDI have confirmed the unpatched nature of the flaw and are coordinating the disclosure process with Adobe. Earlier in the week, security researcher Charlie Miller hijacked Apple's MacBook Air with a drive-by exploit against the Safari browser. That exploit carried a $10,000 cash prize, plus the hacked laptop. A Sony VAIO VGN-TZ37CN machine running Ubuntu 7.10 "Gutsy Gibbon" was the only laptop left standing after the three-day challenge. |
Using a zero-day vulnerability in Adobe's ubiquitous Flash Player, hacker Shane Macaulay hacked into a Windows Vista laptop to win a $5,000 cash prize at this year's CanSecWest Pwn2Own challenge.
Comments (6)
adobe flash has been hacked, not Vista.
Posted by suc | March 29, 2008 3:39 PM
The MacBook Air was the first one hacked within hours and Vista break took 2 days. When can we expect facts rather than sensational sound bites
Posted by Kavi | March 30, 2008 9:38 PM
If cracking Flash allowed privilege escalation of any kind, then it *is* a Vista vulnerability, if not, then it's only a Flash problem.
Posted by Paul Kosinski | March 31, 2008 10:16 PM
Flash runs with user's privileges which are very limited on Windows Vista, so it's impossible you have privilege escalation, especially in a browser like IE7 with Protected Mode ON. Vista is not hacked!
Posted by mike | April 2, 2008 3:42 AM
i think vista is not hacked if some istall some virus program or any program that have bugs then os can be easily hacked same thing happned with vista
vista is good as compare to any other os
and vista security management is also very strong as compare to windows xp
it's like a linux os with very good and nice user interface and not so complicated like linux for home users.
Posted by ajay | April 4, 2008 12:59 AM
This is what happens when people with no idea or knowledge of "security" get involved in arranging an d leading these events.....
Well, what matters is that Microsoft doesn't care, Adobe know the issue and will fix it, the guy who won the laptop know all this crap and is still happy, the organizers got their publicity and are happy and lastly those who invested in this event got their returns.
Why are we boiling our blood people?
Posted by sense | April 8, 2008 10:19 AM