Browser security is always a hot issue and of course all sides claim their browser is better (like kids in a playground). The security of three popular browsers was put to the tech recently at Pwn2Own 2009, a competition where hackers attempt to break system security in the fastest time.
Charlie Miller took home the top prize ($10,000) when he hacked a fully patched MacBook Air in a matter of seconds. He did this by exploiting a know vulnerability in Safari. The hack was performed by the MacBook's user clicking a simple link. Miller also made predictions before the competition that are shown below. They are surprisingly accurate.
The second place winner showed off a second Safari Hack and was able to hack both IE8 and FireFox but not as quickly as Safari and Miller. Apple has a long standing history of claiming to be more secure than Windows especially Vista; I wonder how they are taking this news.
Be on the lookout for a new commercial.
Read more here
Here are Miller's predictions:
Safari: hacked by 4 different people. Easy pickin's as usual.
Android: hacked by 1 person. Not too tough but no one owns one.
IE8, Firefox: Survive unscathed. The bugs to exploit equation is too hard for $5k.
iPhone, Symbian: Survive due to non-executable heap.
Blackberry, Windows Mobile, Chrome: I don't know enough to say anything intelligent. That said, they're probably hard/obscure and so survive.
Last year, Miller exploited a Safari flaw to hijack a fully patched MacBook Pro machine. He is also known for launching successful attacks against Apple's iPhone and Google's Android platform.