from securityfocus.com

Vancouver, CANADA — In the first attempted attack in the PWN2OWN contest, a security analyst breached the defenses of Apple’s Mac OS X using a bug in the Safari browser and won $10,000 as well as the computer that he compromised.

Charlie Miller, principal analyst with Independent Security Evaluators and the researcher who found some significant flaws in Apple’s iPhone last summer, compromised the Apple MacBook Air in less than a minute. While he refrained from describing the flaw, SecurityFocus learned that the issue affected the Safari browser. Contest officials said that the MacBook Air was running the latest version of Mac OS X, version 10.5.2 or “Leopard.”

Miller — and two colleagues from ISE, Jake Honoroff and Mark Daniel — worked on the code for exploiting the security issue for about three weeks, he told SecurityFocus.

“I was sort of looking for a while, but as soon as we started looking in a particular (code) area, it didn’t take too long,” Miller said.