Cupertino (CA) - Apple has released a new security patch for its Safari browser, to fix the infamous bug that a hacker was able to exploit in a matter of minutes.

Cyber security researcher Charlie Miller was one of three participants in the "Pwn 2 Own" contest at the CanSecWest conference, and beat out his Windows and Linux competitors by breaking into a Mac the same day the contest began.





Miller was given a clean Macbook Air computer, and within two minutes he was able to exploit a vulnerability in the Safari browser and take over control of the laptop.  Apple's recent patch fixes that bug, which Miller had to disclose to the company as part of the contest terms.

The Vista computer was hacked about two days later, and the Linux PC remained uncompromised by the end of the conference.  Miller won $10,000 for his quick hacking skills.

According to the security advisory, the vulnerability was seeded in Safari's Webkit and how it handled certain Javascript commands.  

The bug also affects PC owners who use the Windows version of Apple's Safari browser.  Apple has released fixes for both versions, and the update can be downloaded at Apple.com.

Uh... Not quite

Apr 17, 2008 09:50     

IIRC no one could hack into the computers on the first day hence why the 20k prize went unclaimed. The second day, when they could use anything inherently in the system(?) to hack it was the mac taken out. Please get it straight. I am not a mac fan but I hate it when people report a "trimmed" version which can be misleading.
Jon report abuse vote down vote up Votes: -2

True, but

Apr 17, 2008 13:22     

It still got hacked in 2 minutes on the second day. http://www.macworld.com/article/132733/2008/03/hack.html
Action Jackson report abuse vote down vote up Votes: +0

Right, 2 Minutes Was *All* it Took...

Apr 18, 2008 00:22     

For him to hop on the computer, discover the security hole, create a maliciously coded website that took advantage of the hole, post it, and then surf over. Mark, you're showing your usual penchant for "research" when it comes to all things Mac. AJ, you're showing a remarkable lack of thinking things through; Miller is a security expert and obviously had done the work ahead of the convention.
Cromag report abuse vote down vote up Votes: +0