ZDNet reports a fully-patched MacBook with Apple's Safari browser was hacked in a couple of seconds at Pwn2Own 2009 by Charlie Miller. Technical details about the vulnerability he exploited will be released when a patch is ready.
“It took a couple of seconds. They clicked on the link and I took control of the machine,” Miller said moments after his accomplishment.
The contest kicked off at exactly 3:15 PM and, within seconds, Miller launched his drive-by attack and claimed the $10,000 top prize. He also got to keep the MacBook machine.
Miller said he came to the CanSecWest security conference with a plan to hack into Safari and had tested the exploit carefully to ensure “it worked the first time.”
Microsoft's new Internet Explorer 8 browser and Mozilla's Firefox were also hacked at the security event. A security researched nicknamed "Nils" first did his magic on IE8, afterwards he exploited Apple's Safari and in the afternoon he took over a Firefox system as well.