Security Researcher Charlie Miller plans to focus on Safari during the Pwn2Own hacking contest, which takes place during CanSecWest. Miller, who successfully found exploits for Safari at a previous Pwn2Own, implies that Safari is actually quite easy to attack through plugins like Java and Flash.
While Snow Leopard has seen substantial improvements in this respect, Miller is still confident that he can attack the latest iterations of Safari and Mac OS X without too much trouble. Miller says that the Mac OS doesn’t have any anti-exploit security measures making Safari on the Mac an easy target. This has implications for regular Mac OS X and Safari users, as any exploits found during the conference will likely be addressed by Apple in future software updates.
It’s been reported that other contestants at Pwn2Own will take a serious run at the iPhone, possibly through Mobile Safari.
Related posts:
- Mac Security Problems Exposed at Pwn2Own
- Security Update 2010-003 for Mac OS X Released
- Two-Year-Old Safari Vulnerability Still Unpatched
- Apple Suggests Security Software May Increase Mac Security
- Security Expert Finds Fault With Mac OS X
