Harry Waldron - Corporate Security News

PWN2OWN Contest - Fully patched MAC owned in 10 seconds
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9129978
http://blogs.zdnet.com/security/?p=2917

QUOTE: "I can't talk about the details of the vulnerability, but it was a Mac, fully patched, with Safari, fully patched," said Miller on Wednesday, not long after he had won the prize. "It probably took five or 10 seconds." He confirmed that he had researched and written the exploit before he arrived at the challenge.

The PWN2OWN rules stated that the researcher could provide a URL that hosted his exploit, replicating the common hacker tactic of enticing users to malicious sites where they are infected with malware. "I gave them the link, they clicked on it, and that was it," said Miller. "I did a few things to show that I had full control of the Mac."