Mac hacker Charles Miller to reveal 20 zero-day security holes in OS X
Think your Mac is safe because it’s not running Windows? Apple ads might say so, but a quick chat with Charles Miller would probably have you thinking differently. Miller is an Apple security expert (and former National Security Agency employee) who took down a MacBook Air in just 2 minutes using vulnerabilities in Apple’s web browser, Safari– earning him top honors in the 2008 PWN2OWN competition.
Now Charlie’s back with a vengeance, promising to reveal over 20 new zero day security holes in the latest version of Mac OS X, Snow Leopard, at the upcoming CanSecWest conference. According to Miller, “OS X has a large attack surface consisting of open source components, closed source third-party components and closed source Apple components; bugs in any of these types of components can lead to remote compromise.”
Miller also goes on to say that “Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town.” Apple users are “safer” because much fewer people are trying to compromise OS X, but they’re actually “less secure,” he says. Miller goes on to say that Apple is quite complacent about security– that it “will not think it has a security problem until it affects [the company’s] bottom line, which hasn’t been the case, yet.”