“Two weeks before a browser hacking contest is to kick off in Vancouver, British Columbia, Apple yesterday patched 16 vulnerabilities in Safari, 12 of them critical bugs that could be used to hijack a machine,” Gregg Keizer reports for Computerworld.
“Apple updated Safari for both Mac OS X and Windows to version 4.0.5, hardening the browser before it’s tossed into the ring with Microsoft’s Internet Explorer, Mozilla’s Firefox and Google’s Chrome at this year’s Pwn2Own hacking challenge,” Keizer reports. “The contest organizer has predicted that Safari would be the first to fall when researchers battle for $40,000 in prize money beginning March 24 at the CanSecWest security conference.”
“Nine of the 16 flaws patched Thursday were in the open-source WebKit browser engine that forms the foundation of Safari; six affected only the Windows version, which runs on XP, Vista and Windows 7,” Keizer reports. “Of the half-dozen Windows-only vulnerabilities, four were in the Image IO component, and could be triggered by specially-crafted TIFF or BMG image files when rendered by Safari.”
Keizer reports, “The WebKit fixes may be timely. Last month, Aaron Portnoy, security research team lead with 3Com TippingPoint, the sponsor of Pwn2Own, bet that Safari would crumble at the contest in part because it’s built ‘on the notoriously buggy WebKit.’”
Full article here.
[Thanks to MacDailyNews Reader “Robert S.” for the heads up.]
They should have done it 2 days before… would love to see some of them smug hackers sweatin.
Do they test betas, too, or just release versions?
They still have time to release a spoiler update. Just in time to make those hackers show the pucker factor.
Though it would be fun to release it a few days before.
Good to see Apple’s being kept on their toes. Nothing like complacency to let the others get the lead.
notoriously buggy? sorry buddy – you must work for Adobe…
Nothing like the media equating the speed the hack runs (“hacked first”) with the amount of effort needed to develop the hack before the contest starts (weeks or months).
Whatever you work on first is often what you finish first. Many people leave the real easy stuff for last! When they teach these turds to hack, don’t they start with Windows because it has all the traditional BIG ASS HOLES in its software?
I agree that they should have waited a few days before to release the update.
This is hilarious–LOL!
Two weeks is also far enough in advance that Apple can claim the hackers’ contest had nothing to do with the timing of the update, annoying the hackers even more!
I agree that these hacking contests are not what they seem to be, but I’m also glad the same contests are very likely pushing Apple a little faster on the updates.
And more power to Apple for exploiting the contest just like everyone else does.
Wow, this is going to be a good thing for all computer users in the end. Just think about those Windows users, when it was found out that IE6 had so many holes in it. People are grouping hackers and crackers together which isn’t cool. Hackers are the guys that may show you how to tether or jailbreak an iPhone. Crackers are guys who are trying to steal your personal information. Get your knowledge up, and be happy that we don’t have to worry about hardly anything on a Mac.
CanSec West – time for Charlie Miller to puff out his chest like Barney Fife.
Uh, Chrome is also built on the “notoriously buggy WebKit.”
Yeah, since Chrome is built on WebKit, doesn’t the update fix Chrome as well?
“Safari would crumble at the contest in part because it’s built ‘on the notoriously buggy WebKit.’”
Yeh, ’cause Internet Explorer is the most beautiful, bullet proof code ever written in the Universe.
It’s true even Space Aliens said so.
This year it will take 3 minutes instead of 2 to hijack Safari.
And just like every other year, the exploits used to hijack Safari at CanSecWest will do absolutely nothing in the real world.