Safari安全漏洞數秒鐘就被駭

...Miller表示，他去年發現這個安全漏洞，可讓駭客自遠端掌控一台電腦，只要促使電腦使用者點擊某個惡意網站的URL即可得逞。

他一邊示範一邊說：「這不容易，但這(用Safari瀏覽器)點擊一下就辦到了。」 ...




The Pwn2Own trifecta: Safari, IE 8, and Firefox exploited on day 1

That didn't take long. One day into the Pwn2Own hacking competition at CanSecWest and already Apple, Microsoft, and Mozilla have been sent packing to their respective labs to work on security issues in their browsers. In a repeat performance, Charlie Miller pocketed a $5,000 cash prize and a fully-patched MacBook by splitting it wide, and gaining full control of the device after a user clicked on his malicious link. Another white-hatter by the name Nils (pictured) toppled Internet Explorer 8 running on a Windows 7 laptop -- again, the five grand and compromised VAIO P laptop are now his to keep as compensation for turning over the malicious code. So much for "protection that no other browser can match," eh Mr. Ballmer? Nils then demonstrated a second Safari exploit before hacking Firefox later in the afternoon netting him a cool $15k by the close of day one. Only Google's Chrome was left unscathed -- Opera isn't part of the contest. This year's contest will also offer a $10,000 prize for every vulnerability successfully exploited in Windows Mobile, Android, Symbian, and the iPhone and BlackBerry OSes. In other words: this contest that runs through Friday isn't over by any stretch.

[Via ZDNet ]




假不死你感覺如何了,感覺如何了