Mac easiest to hack, says $10,000 winner

Security researcher Charlie Miller exploited Safari in two minutes

"I've had a change of heart," said Miller. "I used to think server-side vulnerabilities were easier to exploit, but now I almost think it's easier to exploit the client side. Think about a browser. There's a million things it has to do. It has to handle images and video and audio and.... That's where the danger is these days."

Miller, formerly with the National Security Agency, may be best known as one of the first to hack Apple's iPhone last year. In August 2007, he also blasted Apple for its sluggish updating of the open-source components it uses in its operating system, calling the practice "negligent."

At the time, Miller said he had found at least one critical vulnerability that had been patched in WebKit, the open-source code that powers Safari's engine, but integrated into Apple's browser. When pressed whether the vulnerability he used yesterday to snap up the US$10,000 was a similar bug, he sidestepped the question. "The version of WebKit Safari was using [before 3.1] was very very old, but when they switched to 3.1, it's now pretty much up-to-date."

Apple updated Safari to version 3.1 two weeks ago, patching 10 vulnerabilities in the Mac OS X edition, most of them cross-site scripting bugs.

"[Mac OS X] security is better than it was three or four months ago," said Miller when asked to characterize Apple's current security status. "...We were equally capable of finding [a vulnerability] in Windows if we had to," he said.

TippingPoint, which acquired the vulnerability for its Zero Day Initiative (ZDI) bug-bounty program, said yesterday that it has reported the Safari flaw to Apple. "Until Apple releases a patch for this issue, neither we nor the contestants will be giving out any additional information about the vulnerability," TippingPoint said in a statement on its company blog.

Show Comments