Apple + Security & Privacy

Hacker Charlie Miller, who bested Safari in last year’s Pwn2Own contest, has said that Safari will be the first to fall in this year’s contest. “It might be because I’m biased about the things I’m good at, but it’s the easiest browser [to hack],” Miller said. Last year, Miller grabbed a $10,000 prize by cracking a Mac, using a Safari vulnerability to do so. In this year’s contest, the sponsor, 3COM, has put a $5,000 bounty on each bug that is successfully exploited.

But Miller says it’s not only Safari that’s easy to crack, but Mac OS X as well. “Put Safari atop Mac OS X, and the target’s too good to pass up,” said Miller.

Of course, this kind of contest is a bit of a sham. The “researchers” who compete have been storing up their bugs and exploits for months so they can make a quick buck at the contest. Miller, who hacked a Mac in 5 minutes last year, certainly didn’t discover and exploit a bug in that time. Instead of these researchers reporting their bugs to vendors, they’ve gotten into the habit of keeping them under wraps so they can make some money from them.