Linked by Thom Holwerda on Fri 20th Mar 2009 13:51 UTC, submitted by google_ninja
Privacy, Security, Encryption Fresh from winning the PWN2OWN contest yesterday, Charlie Miller has been interviewed by ZDNet. He talks about how Mac OS X is a very simple operating system to exploit due to the lack of any form of anti-exploit features. He also explains that the underlying operating system is much more important in creating a successful exploit than the bowser, why Chrome is so hard to hack, and many other things.
Permalink for comment 354149
To read all comments associated with this story, please click here.
RE[2]: Comment by sadyc
by DaveDavtropen on Fri 20th Mar 2009 16:45 UTC in reply to "RE: Comment by sadyc"
DaveDavtropen
Member since:
2009-03-20

The exploit Miller used last year was in the open-source WebKit part of Safari. (In fact, it was in a third-party library used by WebKit, and not a bug in Apple's code as such.) It's likely, though hardly guaranteed, that the bug he used this year is also in WebKit, since he's said before that he discovered it at the same time. (By the way, he found the bug by reading source code. Pretty cool, huh?)

Since Chrome uses all the same WebKit code as Safari, it's likely that both of these bugs are (or were) present in Chrome. The exploits would still be very different, though: The initial bug will get you through the front door, but it won't lead you to the self-destruct button.

It's true that Safari's interface is closed-source, but it's also true that fixing a WebKit bug would benefit the open source community, because that's public code used by a number of browsers.

Reply Parent Score: 2