Charlie Miller (right), the security researcher who won last year’s Pwn2Own hacker contest, is predicting that Apple’s Safari browser will be the easiest target this year.
In a note posted on the popular Daily Dave mailing list, Miller describes Safari as “easy pickin’s” and forecasts that at least four zero-day Safari flaws will be used during the contest at CanSecWest later this month.
This year’s contest will pit hackers against browsers and smart phones with Internet Explorer, Firefox, Safari, Opera and Chrome among the high-profile targets. It will also include attacks against fully patched BlackBerry, Android, iPhone, Symbian and Windows Mobile phones in their default configurations.
Here are Miller’s predictions:
Safari: hacked by 4 different people. Easy pickin’s as usual.
Android: hacked by 1 person. Not too tough but no one owns one.
IE8, Firefox: Survive unscathed. The bugs to exploit equation is too hard for $5k.
iPhone, Symbian: Survive due to non-executable heap.
Blackberry, Windows Mobile, Chrome: I don’t know enough to say anything intelligent. That said, they’re probably hard/obscure and so survive.
TippingPoint ZDI has more information on the rules and targets for this year’s contest.