Contest organizer Aaron Portnoy, who is the security research team lead with 3Com TippingPoint, the sponsor of Pwn2Own, told Computerworld's Gregg Keizer that:
"Safari will be the first to go. [Safari will] be on Snow Leopard, which isn't on the same level as Windows 7."Last year at the contest, it took only five seconds for a security researcher to hijack a Mac by hacking in through Safari. The year previous, it took less than two minutes to hack in to a Macbook Air --- and once again, Safari proved to be the security hole.
Mac users have long claimed that the Mac is more secure than Windows-based systems because of the large number of viruses, Trojans and other malware that can infect Windows PCs. Many Windows users counter that there is more malware aimed at Windows because that's where the users and the money is. Writing malware for the Mac, they argue, simply isn't worth the effort because of the Mac's relatively small market share. And they point out that Windows systems have been more secure than Mac ones at the Pwn2Own hacking contest.
Not all hackers agree that Windows 7 is more secure than Snow Leopard. Security researcher Charlie Miller, who at the contest hacked into the Mac via Safari the last two years, says that Snow Leopard is as secure as Windows 7, although he adds that Safari is slightly more vulnerable than Windows-based browsers. He told Keizer:
"Unlike previous years, I'd say Safari isn't significantly easier than the browsers on Windows. I say this because Snow Leopard finally has DEP [Data Execution Prevention]. Also, because at Black Hat DC, Dion Blazakis showed how to defeat DEP in [Windows] browsers. The only difference is that Safari has a bigger attack surface, and includes, for example a PDF reader (Preview) and Flash."Who is right? One way to tell will be at the upcoming Pwn2Own contest --- I'll have details when it happens.