Safari bug gets Charlie Miller a Macbook Air

Security conference CanSecWest's 'Pwn2Own' contest, held this week in Vancouver, BC, once again featured security analyst Charlie Miller wasting no time in taking remote control of a fully patched Macbook Air. Miller took control of the Macbook Air by exploiting an as-yet unpublished vulnerability in Safari, giving the hacker complete control of Mac. In an interview with Ryan Naraine, Miller says that he'd known about this particular security bug for over a year - even before he won last year's contest by exploiting Safari, as well - but held it in reserve due to the difficulty at the time in exploiting it. By the time he returned for this year's contest, he was able to take control of the machine within "a couple of seconds".

Miller won the Macbook Air after directing contest judges to a specially-designed link using Safari for the purpose of delivering the exploit, and allowing him to have remote control of the compromised Mac.

Technorati Tags: apple, mac os x, macbook air, safari, security, vulnerabilities