Update on the PWN to OWN contest at the CanSecWest conference. After the MacBook Air got compromised in 2 minutes, Shane Macaulay claimed victory over the Fujitsu laptop running Windows Vista. Yes, Windows Vista was compromised at the tail end of Day 2, at 7:30 p.m., thanks to a vulnerability in Adobe Flash.
More in PWN to OWN: Final Day (and another winner!) on TippingPoint.
The list of conference sponsors includes both Adobe and Microsoft.
{ 3 comments… read them below or add one }
Shouldn’t the title read ‘Flash compromised on Vista’?
The title of the post would lead people to believe that Vista was the problem and not Flash.
You have a point – I agree to a certain extent. However, an argument can also be made against Vista allowing it – an argument that the Mac and Linux crowd certainly won’t miss.
Vista can’t reasonably disallow applications from doing things that the user has rights to do.
Those applications are considered to be under the control of the user, because they were initiated by the user, and the user is assumed to have not installed applications whose control can be wrested away.
Obviously, it depends on what was actually used to achieve the entry, but the hacker himself said that this attack would have worked just as well on Linux or Mac OS X.