Linked by Thom Holwerda on Fri 20th Mar 2009 13:51 UTC, submitted by google_ninja
Privacy, Security, Encryption
Fresh from winning the PWN2OWN contest yesterday, Charlie Miller has been interviewed by ZDNet. He talks about how Mac OS X is a very simple operating system to exploit due to the lack of any form of anti-exploit features. He also explains that the underlying operating system is much more important in creating a successful exploit than the browser, why Chrome is so hard to hack, and many other things.
Thread beginning with comment 354149
RE[2]: Comment by sadyc
by DaveDavtropen on Fri 20th Mar 2009 16:45 UTC in reply to "RE: Comment by sadyc"
DaveDavtropen Member since:
2009-03-20

The exploit Miller used last year was in the open-source WebKit part of Safari. (In fact, it was in a third-party library used by WebKit, and not a bug in Apple's code as such.) It's likely, though hardly guaranteed, that the bug he used this year is also in WebKit, since he's said before that he discovered it at the same time. (By the way, he found the bug by reading source code. Pretty cool, huh?)

Since Chrome uses all the same WebKit code as Safari, it's likely that both of these bugs are (or were) present in Chrome. The exploits would still be very different, though: The initial bug will get you through the front door, but it won't lead you to the self-destruct button.

It's true that Safari's interface is closed-source, but it's also true that fixing a WebKit bug would benefit the open source community, because that's public code used by a number of browsers.

Reply Parent Score: 2

RE[3]: Comment by sadyc
by dagw on Fri 20th Mar 2009 17:08 in reply to "RE[2]: Comment by sadyc"
dagw Member since:
2005-07-06

According to rumors on some other site I read, the exploit wasn't in WebKit per se, but in a third-party (open source) library used by the JavaScript engine. The real kicker, according to the same post, was that the bug Miller exploited had already been found and fixed upstream, but Apple is using an old version of that library that still has the bug.

Of course the only people who actually know what happened are under NDA, so take this with a grain of salt.

Reply Parent Score: 6

RE[4]: Comment by sadyc
by aliquis on Sat 21st Mar 2009 11:16 in reply to "RE[3]: Comment by sadyc"
aliquis Member since:
2005-07-23

"The real kicker, according to the same post, was that the bug Miller exploited had already been found and fixed upstream, but Apple is using an old version of that library that still has the bug."

And this is yet another clue for the retards who claim OS X is so f--king secure: why on earth do they put a bunch of security fixes in "Security fix q1 2009", for instance? If they were serious about fixing the issues they would update/patch the issue immediately and release an update, but they don't. So you have plenty of unpatched stuff until they decide to release their big patch.

Reply Parent Score: 1