Charlie Miller Wins Pwn2Own Again Thanks to Safari Flaw

Reportedly, Miller pulled off the feat in under 10 seconds

By Filip Truta on March 19th, 2009 15:37 GMT

In what looked like a Pwn2Own rerun, the CanSecWest conference this week saw security researcher Charlie Miller once again crack Safari on a machine running Mac OS X. Miller was able to use an exploit he had already prepared to win the contest, just like he did last year. The researcher has granted the reporting rights to the discovered Safari flaw to TippingPoint’s Zero Day Initiative, according to AppleInsider.

The report points out that, due to Miller's repeated success in immediately compromising a Mac, the Internet was flooded with headlines saying Macs are inherently less secure, even though Apple's Safari was not the only browser to crack at the hands of a hacker: so did every other browser put to the test in Pwn2Own.

Although some see Pwn2Own as a competition where hackers sit down, turn on a computer and hope to find some kind of flaw to compromise the machine with, the reality is that researchers arrive at CanSecWest with their exploits "in hand," knowing where to hit and when. This so-called "oversimplification" of the Pwn2Own contest is one of the reasons the way the contest is portrayed has drawn criticism. According to Jeff Jones, the director of Microsoft's security group, the Pwn2Own contest is "simplifying security to the point of uselessness."

Also, the contest cannot reflect real life, as it pits the latest available version of OS X Leopard against new versions of Windows that have been left aside by the vast majority of Windows PC users, according to AppleInsider, which has an extended analysis of this year's Pwn2Own contest.

As noted above, researcher Charlie Miller granted the reporting rights to the Safari flaw to TippingPoint’s Zero Day Initiative, in exchange for the winning prize: the MacBook he hacked and US $5000 in cash. For its part, TippingPoint will carefully schedule the disclosure of the vulnerability to coincide with Apple's release of a patch for the Safari hole.