Apple patches Safari bug from hacking contest

Posted by Mark Raby

Cupertino (CA) - Apple has released a new security patch for its Safari browser, to fix the infamous bug that a hacker was able to exploit in a matter of minutes.

Cyber security researcher Charlie Miller was one of three participants in the "Pwn 2 Own" contest at the CanSecWest conference, and beat out his Windows and Linux competitors by breaking into a Mac the same day the contest began.

Image

Miller was given a clean Macbook Air computer, and within two minutes he was able to exploit a vulnerability in the Safari browser and take over control of the laptop.  Apple's recent patch fixes that bug, which Miller had to disclose to the company as part of the contest terms.

The Vista computer was hacked about two days later, and the Linux PC remained uncompromised by the end of the conference.  Miller won $10,000 for his quick hacking skills.

According to the security advisory, the vulnerability was seeded in Safari's Webkit and how it handled certain Javascript commands.  

The bug also affects PC owners who use the Windows version of Apple's Safari browser.  Apple has released fixes for both versions, and the update can be downloaded at Apple.com.