Mac security researcher wins Pwn2Own contest

Comments

  • Reply 61 of 81
    hillstones Posts: 1,490 member
    A controlled environment and open source code used on all systems. Doesn't that seem to add bias to the "contest?" And apparently he was already aware of a known exploit and was prepared for it. Going against Windows 7 Beta isn't a fair test either since it is unfinished software.
  • Reply 62 of 81
    I think another thing people failed to realize is that while bravo on hacking IE8 on W7, the fact is both of those are in Beta with IE8 coming to retail only today to Vista.

    So unless they were hacking Safari 4 Beta, I don't see how it's a fair comparison.

    All this really goes to prove is that it's the end user you need to be scared of. Today, it's not really what Apple, Mozilla, or Microsoft do. It's really how you yourself are aware and protect your own computer. The Trojan on iWork further proved that: Apple users need to be just as aware when they visit websites and download unknown software as Microsoft users do. In addition, social engineering such as phishing sites designed to steal your banking details does not differentiate between browsers or operating systems.
  • Reply 63 of 81
    jnjnjn Posts: 588 member
    Quote:
    Originally Posted by pmjoe

    Simply being able to run code outside the browser is plenty powerful enough ... as in delete all the user's files perhaps? Or if the hacker decides to run a program that pops up a window which looks exactly like Software Update and prompts you to enter an admin username/password ... game over.

    I don't think that will work. Apart from the difficulty of recreating an application in a realistic way (lots of subtle details), it must be created and launched. This throws up all kinds of hurdles for the hacker. The application must be signed to prevent a password request popup. And I suspect that signing cannot be done without elevated user rights and results in ... a password request.

    It won't work to delete all files either. With Time Machine all files can be restored.

    And ... no, the Time Machine database cannot be deleted even with elevated (root) access.
  • Reply 64 of 81
    jnjnjn Posts: 588 member
    Quote:
    Originally Posted by Alonso Perez

    Not only that, since his identity isn't exactly a secret, Apple could offer him a job without him asking for it. If they don't, he has no obligation whatsoever to give Apple, or anybody else, the product of his work for free.

    Amazing how using hard-earned knowledge to obtain something in return makes you a moron in the eyes of some people.

    He has more of a risk of being sued by Apple if his exploit turns up in the wild.

    A moron, I would say.
  • Reply 65 of 81
    silencio Posts: 134 member
    My favorite example of the utter fallacy of "security through obscurity":

    http://en.wikipedia.org/wiki/Witty_worm

    And Mac OS X systems exist in much greater numbers than ISS firewalls ever did. If there were a vulnerability in Mac OS X that would lead to something as disruptive as the Witty worm was, then someone definitely would have taken advantage of it by now.
  • Reply 66 of 81
    pxt Posts: 683 member
    As Mac users, we should never fall into the trap of using Windows as a baseline. I don't use the behaviour of Milosevic or Blair to check my moral compass, and I don't use Windows to evaluate how secure my Mac ought to be.

    Better to compare with, say, an Oracle database, which is a system built on top of a Unix platform, as OSX is. I have never heard of someone logging into an Oracle session and hacking their way to view data or run programs that they were not granted access to. They even dare to advertise their system as 'Unbreakable' in a world of US lawyers and UK advertising standards. I want that level of confidence in my Mac.
  • Reply 67 of 81
    jpellino Posts: 706 member
    Quote:
    Originally Posted by archer75

    The details of the exploit are not released until Apple has patched this exploit. So yes, he is giving back to the community.

    Right after he lined his own pockets far outside the normal run of business for a "security professional".
  • Reply 68 of 81
    cu10 Posts: 294 member
    This argument can go on for ages.

    I found that:

    1) No computer is 100% "secure."

    2) I run Windows XP with commercial anti-virus/spyware and I can still get malware/slowdowns.

    3) I ran Mac OS X stock and had no problems.

    And:

    4) I ran GNU/Linux, but IMHO it is not ready for the desktop.
  • Reply 69 of 81
    Quote:
    Originally Posted by archer75

    It is a real hack, believe it or not. Safari is installed on all Macs. It comes standard with OSX and is the browser most OSX users use. So it is a completely valid hack.

    If I found a hack for OSX I wouldn't tell everyone about it. In fact I wouldn't tell anyone about it. I'd let the OSX users carry on with their heads in the sand and reap the benefits of my creation.

    Yes, you can write a virus for OSX. The trick is getting it on the system with the permission to do its thing. And as you put it, it would involve idiot users, which would define a great deal of Mac users with a false sense of security.

    But then the same thing applies to Vista and 7. The only way to infect them is via a button-pushing moron. OSX is no more secure.

    If your "virus" requires a user to give it permission to do its thing, it's not really a virus; it's just malware. A virus has to be able to install, run and self-replicate without user interaction. Writing malware and tricking stupid people into running it is easy, but that's because operating systems are intentionally designed to be blind to the code a user wishes to run, and stupid people do stupid things.
  • Reply 70 of 81
    jpklock Posts: 25 member
    Quote:
    Originally Posted by macFanDave

    I'll never understand how buffer overflow attacks even get started.

    Back when I was programming regularly in C, I'd use strlen() or strncpy() to check whether strings were within a limit and truncate them to a safe length, if necessary.

    Are programmers these days too lazy to check string length before using it to execute potentially dangerous code? Or do they think that performance would suffer if they wasted clock cycles for safety?

    My guess is that they mostly occur within (closed-source) libraries... If I use an API that refers to a closed library, I don't necessarily know what my buffer limitations are... In Microsoft's case, right through XP (which is still the majority of their install base), there are literally hundreds of legacy APIs, some of which are undocumented, some of which are part of legacy libraries that haven't been rewritten in a decade...

    Quote:

    I believe IE7 and IE8 run in a sandbox. And in Vista and Windows 7 the code couldn't execute without the user's permission.

    IE7 is sandbox-y, but still passes executable code to the kernel without user intervention or knowledge. I have no information on IE8. In Windows 6.0 ("Vista") and Windows 6.1 ("7"), most functions requiring administrator-level access require user intervention (also true on Unix operating systems, including OS X, though Windows 6.x waives the password requirement) -- but in every OS, it's possible by a variety of means to bypass these security features and gain superuser ("administrator" in Windows, "root" in Unix) access without user intervention (or knowledge).

    Such bypass methods are called "security vulnerabilities", and exist in every operating system ever devised. Windows 6.x is the first Windows version to offer a tool for user intervention to grant superuser access to a process thread (the lack of this feature in previous Windows editions has a lot to do with why Windows in general and IE in particular has, historically, been stupidly easy to hijack: with no way to perform many reasonable and critical functions, like installing software, other than logging out and back in as an Administrator, Microsoft, their users, and their developers came up with a variety of workarounds, all of which created an opportunity to exploit...)

    Quote:

    Glad I caught this post before posting mine as it's dead-on right. As much as I love the Mac and feel it's more secure, I still have to realize that if Macs owned 90% of the market we'd be seeing much of the same thing Windows users go through. Maybe less, but still much of the same. Attacks are fewer for a number of reasons, but market share is definitely #1.

    We can probably safely assume that greater market share will eventually result in greater effort from malware engineers -- but there's strong evidence that Mac OS X (like all other Unix variants) is actually harder to write malware for than Windows 5.x and below. It's probably a bit early in Windows 6.x's lifecycle to say if it's still harder to write malware for it than for Unix (my guess is, still easier on Windows, but I personally can't say that with certainty).

    Notably, for example, as Mac OS X pushes towards 10% of OS install base, we do NOT see anything like 10% (not even 1%, probably not even 0.1%) of malware install base on OS X.

    Currently, Windows 6.x is estimated at 25% of the ~90% that's running Windows -- a total of about 22% of the install base, or a bit more than twice as many 6.x (Vista / Win7) machines as Mac OS X machines. I'll be interested to see if the malware install base continues to be proportionally higher on Win6x than on Mac OS X, as the 6x install base grows.
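Added example, not from any poster in this thread: the length checks macFanDave describes, written out in C against a constructed 16-byte destination, with a reject-on-overflow variant, a truncating variant, and the pitfall that strncpy() on its own leaves an over-long copy without a terminator. Function and buffer names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* constructed fixed-size destination buffer */

/* The classic defect: strcpy() copies strlen(src)+1 bytes without ever
 * consulting the destination size, so input of NAME_LEN bytes or more
 * writes past the buffer. Here we only compute whether it would. */
static bool strcpy_would_overflow(const char *src, size_t dst_size)
{
    return strlen(src) + 1 > dst_size;
}

/* Hardened variant 1: check the length first and reject over-long input
 * instead of truncating it; the caller must handle the false return. */
static bool copy_or_reject(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0 || n >= dst_size)
        return false;
    memcpy(dst, src, n + 1);          /* n + 1 includes the terminating NUL */
    return true;
}

/* Hardened variant 2: truncate to a safe length and always terminate.
 * Returns the number of bytes actually stored. */
static size_t copy_truncating(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return 0;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';         /* the NUL that strncpy may not write */
    return strlen(dst);
}

/* The strncpy() pitfall: when src is >= dst_size bytes, strncpy fills the
 * whole buffer and writes no terminator, so a later strlen()/printf() reads
 * past the end. The buffer is poisoned with 'X' so a missing NUL shows up. */
static bool raw_strncpy_is_terminated(const char *src, size_t dst_size)
{
    char tmp[64];
    if (dst_size > sizeof tmp)
        dst_size = sizeof tmp;
    memset(tmp, 'X', sizeof tmp);
    strncpy(tmp, src, dst_size);
    return memchr(tmp, '\0', dst_size) != NULL;
}

int main(void)
{
    /* constructed sample inputs: one fits, one is 43 bytes long */
    const char *short_in = "alice";
    const char *long_in = "this-name-is-much-longer-than-sixteen-bytes";
    char buf[NAME_LEN];

    printf("strcpy of long input overflows: %d\n",
           strcpy_would_overflow(long_in, sizeof buf));
    printf("reject: short=%d long=%d\n",
           copy_or_reject(buf, sizeof buf, short_in),
           copy_or_reject(buf, sizeof buf, long_in));
    printf("truncated to %zu bytes: '%s'\n",
           copy_truncating(buf, sizeof buf, long_in), buf);
    printf("raw strncpy terminated: short=%d long=%d\n",
           raw_strncpy_is_terminated(short_in, sizeof buf),
           raw_strncpy_is_terminated(long_in, sizeof buf));
    return 0;
}
```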
  • Reply 71 of 81
    jpklock Posts: 25 member
    Quote:
    Originally Posted by CU10

    This argument can go on for ages.

    I found that:

    1) No computer is 100% "secure."

    2) I run Windows XP with commercial anti-virus/spyware and I can still get malware/slowdowns.

    3) I ran Mac OS X stock and had no problems.

    And:

    4) I ran GNU/Linux, but IMHO it is not ready for the desktop.

    As an 8-year veteran in IT, I say only:

    QFT on all counts!
  • Reply 72 of 81
    halvri Posts: 146 member
    Quote:
    Originally Posted by djdj

    This article perfectly demonstrates what I consider to be a disappointingly smug attitude of many Apple users. Truth is that the Mac isn't currently targeted for attacks, not because it is inherently more secure than other operating systems, but because it isn't as large of a target and the potential payoff therefore isn't as great. Anybody that believes that their Mac is immune to exploits from security issues is living with their head in the sand. Everyone still needs to practice safe computing, i.e. staying away from potentially malicious web sites, not installing software that shouldn't be trusted, keeping our systems up to date with security patches, using a good quality router/firewall, etc. Just because there aren't any significant exploits in the wild today does NOT mean that the platform is immune. Windows didn't have significant security exploits in the wild once upon a time as well. It's really only a matter of time before someone decides that they want to create a Mac virus/worm. And anyone who believes that their computer is inherently immune is in for a very rude awakening at that point.

    There also seems to be a fundamental misunderstanding of security here too. Posts like "you need a password to gain access to the machine" make this pretty clear. Security holes aren't security holes because you intentionally grant access to your machine (that's called social engineering, not an exploit); they're security holes because there is a fundamental coding problem in the underlying application/operating system. Most viruses and worms on Windows never asked for permission to be installed; they took advantage of flaws in a browser, application, or in Windows itself, even while users are logged on with non-administrative privileges. Requiring a username/password, or running as a non-admin user (while they may make exploits harder to find), grants a false sense of security; a computer is only as secure as its weakest link, and that link could be anywhere in the chain from browser plugin to operating system to device drivers and the kernel, or even the BIOS/EMI itself. The fact is that there are a lot of links in that chain that inherently have (and require) low-level access to your computer, and an exploit in any one of those can potentially turn access to your entire machine over to whatever code happens to be attempting to run. Only the top few layers are protected by the user login. Just because you are logged on with a normal user account doesn't mean that there isn't code running on your computer that has access to everything, because the truth is that there is, and a heck of a lot of it. And an exploit in any of that code can grant access to everything. Just because you don't let someone through the front door of your home doesn't mean they can't come in another way.

    So while it seems the majority of the people posting on this forum are dismissing this as insignificant, I believe it is a bit naive to do so. The fact remains that there are indeed exploitable security issues on every computing platform, and OS X is NOT immune. Just because it isn't actively being targeted, it doesn't mean that it is 100% safe. I certainly wouldn't be caught dead (pun intended) putting a Mac connected to the internet in control of launching nuclear weapons, anyway. This test demonstrates that all computing platforms have issues, whether Mac users choose to bury their heads in the sand or not.

    You're missing the point entirely: most of us are angry at the manner in which the Windows-biased media will report this. None of us are saying OS X or Safari are perfect, but given that the contest itself was biased against the Mac and that the PCs were cracked not much later, it pisses us all off that places like CNET will report that as "Macs inherently less secure than masturbatorily awesome Windows 7 computers." It has nothing to do with Macs and everything to do with idiotic media outlets who have no idea what fact checking means.
  • Reply 73 of 81
    quadra 610 Posts: 6,757 member
    Quote:
    Originally Posted by wilco

    Why would you think anyone would give a shit about the opinion of someone who says "winblows" twice in one sentence?

    MS specializes in making third-rate products. They are ripe for jokes and parody. Have fun with it.

    MS' responsibility for the kind of gargantuan data loss over the span of more than a decade, thanks to their negligence on security, borders on criminal.
  • Reply 74 of 81
    As far as I could read, a machine is "owned" (according to the test rules) when a hacker is able to run his own code in the context of the browser. What does this tell us? Nothing!

    Any software that gets installed by the user's hand on his system has more rights and can cause more damage. (So look carefully where you get your next printer driver from, or whether that nice snowfall on the desktop is really necessary.)

    The real question is: is a hacker able to turn a machine into a bot zombie, or can he gain file access, or can he install background processes to spy on passwords or other things during the Internet usage of its users?

    We have millions of real-world proofs that such things are possible on Windows machines. But how about Linux or Unix-based systems like the Mac? No real threats!

    The argument "These machines are not worth hacking due to their low market share" is also plain stupid. Linux is used for 50% of all web servers at least. Hacking them (for getting access to millions of website visitors' data like passwords, addresses ...) could be very profitable. But the hackers try to hack the websites, not the operating system.

    For me this says way more than Pwn2Own and makes my decision what operating system to use quite easy.
  • Reply 75 of 81
    snafu Posts: 37 member
    Quote:
    Originally Posted by jpellino

    Right after he lined his own pockets far outside the normal run of business for a "security professional".

    Look: taking into account how lazy Apple has been shown to be about patching security holes (it takes them years, sometimes!), I'd rather have him around to kill its complacency. That he is able to work on an exploit for weeks or months reflects very poorly on Apple, don't you think?

    Plus you don't know if he and others don't pass Apple information about things like this regularly.
  • Reply 76 of 81
    ivan.rnn01 Posts: 1,822 member
    were still left standing unscathed on the Day One.

    So was Chrome. Nobody needs it, or WebKit evolved so much since what was in Safari 3?
  • Reply 77 of 81
    mdriftmeyer Posts: 7,503 member
    The issue deals with randomization, which OS X 10.6 resolves:

    http://www.appleinsider.com/articles...ty.html&page=2

    Quote:

    Security in 64-bit Snow Leopard

    In addition to expanded sandboxing, the move to 64-bit computing will provide a series of other benefits related to security. Apple's 64-bit binaries set all writable memory as non-executable by default, including thread stacks, the heap, and any other writable data segments.

    This is already present to an extent in today's Leopard Server, which runs some services, such as the Apache web server, as 64-bit processes. Using the vmmap command reveals that no memory allocated by these 64-bit apps is both writable and executable. On 32-bit Intel systems, while no memory is marked as both writable and executable, the legacy x86 processor design does not enforce the permissions bits, but 64-bit CPUs do. This feature prevents exploits from injecting malicious executable code into memory and tricking the app to run it as if it were its own instructions.

    Another security weakness in the x86 architecture solved in the move to 64-bits is the use of registers for function call arguments. This makes exploits using return-into-libc techniques much more difficult. On 32-bit x86, function arguments are passed directly on the stack, so when an attacker has overwritten the stack segment, they can completely control the arguments passed to a function that they cause the compromised program to "return into," according to a security researcher.

    The move to 64-bits also greatly enhances the Address Space Layout Randomization (ASLR) techniques used to secure Leopard. Currently, 32-bit binaries are restricted to a relatively small 4GB allocation, making it easier to predict useful addresses for malicious code to target. Additionally, Leopard keeps dyld, Mac OS X's dynamic loader (responsible for loading all of the frameworks, dylibs, and bundles needed by a process), in the same known location, making it relatively trivial to bypass the existing ASLR.

    With the much larger address space available to 64-bit binaries, Snow Leopard's ASLR will make it possible to hide the location of loaded code like a needle in a haystack, thwarting the efforts of malicious attackers to maintain predictable targets for controlling the code and data loaded into memory. Without knowing what addresses to target, the "vast majority of these exploits will fail," the security expert explained.

    For the hacker, it's good he used this freebie this year because its days are over.
  • Reply 78 of 81
    ulfoaf Posts: 175 member
    The important thing is a "good guy" found the exploit and connected with Apple to fix it.

    OS X is a tougher target than Windows, but it can never be bulletproof. Remember, it is BSD, and it has been the subject of attacks for years. There is a local junior college website that my wife does not get on with Windows, as it has been either attacked or mangled twice. No such issue with Linux or OS X.

    OpenBSD seems to be the most "locked down" form of Unix for personal computers.
  • Reply 79 of 81
    guinness Posts: 473 member
    Quote:
    Originally Posted by mdriftmeyer

    If it's an exploit in Safari, it's within WebKit, which is open source and thus gives the hacker months upon months of running edge-case tests to find any and all exploits.

    Now, instead of hardening up WebKit and submitting back to the community he goes to a hackfest to win a laptop. Now that's a real stud.

    Fix the exploits and get a job with Apple Engineering. You'll get the laptop you want and be paid well.

    Conclusion: He's a Moron.

    If the fault was just in WebKit, then Chrome would've been hacked quickly as well, but out of Firefox, Safari, and IE, it wasn't, so it is a Safari/OSX issue (and FF and IE use different engines, obviously).
  • Reply 80 of 81
    ivan.rnn01 Posts: 1,822 member
    All mobile platforms remained unscathed. Folks say they won't leave them alone in 2010.