March 3rd, 2009
Pwn2Own hacker: Apple Safari is 'easy pickings'
Charlie Miller, the security researcher who won last year’s Pwn2Own hacker contest, is predicting that Apple’s Safari browser will be the easiest target this year.
In a note posted on the popular Daily Dave mailing list, Miller describes Safari as “easy pickin’s” and forecasts that at least four zero-day Safari flaws will be used during the contest at CanSecWest later this month.
[ SEE: Pwn2Own hacker contest targets browsers, smart phones ]
This year’s contest will pit hackers against browsers and smart phones with Internet Explorer, Firefox, Safari, Opera and Chrome among the high-profile targets. It will also include attacks against fully patched BlackBerry, Android, iPhone, Symbian and Windows Mobile phones in their default configurations.
Here are Miller’s predictions:
- Safari: hacked by 4 different people. Easy pickin’s as usual.
- Android: hacked by 1 person. Not too tough but no one owns one.
- IE8, Firefox: Survive unscathed. The bugs to exploit equation is too hard for $5k.
- iPhone, Symbian: Survive due to non-executable heap.
- Blackberry, Windows Mobile, Chrome: I don’t know enough to say anything intelligent. That said, they’re probably hard/obscure and so survive.
Last year, Miller exploited a Safari flaw to hijack a fully patched MacBook Pro machine. He is also known for launching successful attacks against Apple’s iPhone and Google’s Android platform.
ALSO SEE: 10 questions for MacBook hacker Dino Dai Zovi
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
