Charlie Miller came to Vancouver's CanSecWest security conference to defend his title in the PWN 2 OWN hacking contest. Last year Miller took home the MacBook Air and a $10,000 cash prize Thursday after breaking into the machine.
This year Miller's MO was the same, bring the target MacBook to its knees and pocket $10k (and the MacBook). Zero Day's Ryan Naraine explains that the details of the exploit aren't being released:
TippingPoint’s Zero Day Initiative has acquired the exclusive rights to the vulnerability and coordinate the disclosure and patch release process with Apple. Technical details of the vulnerability will not be released until a patch is ready.
Miller boasted “It took a couple of seconds. They clicked on the link and I took control of the machine,” Naraine says that Miller planned to hack into Safari and tested the exploit carefully to ensure “it worked the first time.”
Naraine also notes that Safari also succumbed to hackers in another contest at the conference:
“Nils” also scored a clean hit against Apple’s Safari (he was the second hacker to exploit Safari) and, later in the afternoon, he exploited a Firefox zero-day flaw to claim the trifecta.