Apple fixes prize-winning Safari bug
Apple has issued a patch to fix the loophole identified by the winner in the recent CanSecWest security conference ‘PWN 2 OWN’ competition.
Security Evaluators Researcher Charlie Miller exploited the bug to gain access to the computer and read a specific file from it to win the competition, $10,000 and the MacBook Air he was hacking.
For security reasons, Miller exact method was kept a secret, although we did know that he was allowed to direct the organisers to use the laptop to access a website of his choosing, so it wasn’t hard to narrow down Safari as the culprit and experienced hackers could probably have made narrowed it down further with intelligent guesswork. Reassuring, eh?
Now that it’s fixed, we’ve learned that the bug lay in the way WebKit, the open-source HTML rendering engine, processed certain types of JavaScript commands.
Considering that the latest of Apple’s notebook line-up was the first to fall in the competition and the company has already stirred up some bad blood by dumping its Safari browser on unsuspecting PC users, there was still a bit of a wait for the loophole to be plugged.
Safari (via PCWorld)
Related posts: Vista falls to Flash Player bug | PayPal not fans of Safari