The Pwn2Own trifecta: Safari, IE 8, and Firefox exploited on day 1
http://www.engadget.com/2009/03/19/the-pwn2own-trifecta-safari-ie-8-and-firefox-exploited-on-day/
That didn't take long. One day into the Pwn2Own hacking competition at CanSecWest and already Apple, Microsoft, and Mozilla have been sent packing to their respective labs to work on security issues in their browsers. In a repeat performance, Charlie Miller pocketed a $5,000 cash prize and a fully-patched MacBook by splitting it wide, and gaining full control of the device after a user clicked on his malicious link.
Safari hole exploited in seconds at security conference
http://news.cnet.com/8301-1009_3-10199652-83.html
The security expert who won $10,000 hacking a MacBook Air in less than two minutes last year won $5,000 on Wednesday by exploiting a hole in Safari in 10 seconds or so.
Charlie Miller, principal security analyst at Independent Security Evaluators, used a MacBook running the latest version of the Mac OS as part of a contest at the CanSecWest security conference called "Pwn2Own," which is hacker slang for gaining control of a computer.
Questions for Pwn2Own hacker Charlie Miller
http://blogs.zdnet.com/security/?p=2941
Why Safari? Why didn’t you go after IE or Safari?
It’s really simple. Safari on the Mac is easier to exploit. The things that Windows does to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.
It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it.