Safari 3.1 vulnerability - MacBook Air Hacked In Two Minutes
TippingPoint recently sponsored a head-to-head contest between laptops running Vista, Linux (Ubuntu distribution), and OS 10.5. The vulnerability found was shared privately with Apple so that it can be corrected before exploits develop in the wild. While I consider OS 10.x well designed and a fairly secure OS, the overall security of any product is only as strong as its weakest link. Hopefully both the Mac and Windows vulnerabilities in Safari 3.1 will be corrected expediently.
http://www.informationweek.com/news/showArticle.jhtml?articleID=207000434
http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn-to-own-final-day-and-wrap-up
QUOTE: Security researchers from Independent Security Evaluators managed to hack a MacBook Air using a zero-day vulnerability in Apple's Safari 3.1 Web browser. The undisclosed vulnerability in Safari 3.1 has been shown to Apple and no further information about it will be revealed until Apple can issue an update, TippingPoint said.
Contest participants had their choice of trying to hack an Apple MacBook Air running OS X 10.5.2, a Sony Vaio VGN-TZ37CN running Ubuntu 7.10, or a Fujitsu U810 running Vista Ultimate SP1. During the first day, when attacks were limited to network attacks on the operating system, no one managed to compromise any of the systems.
In a blog post on Friday, TippingPoint said, "Since the Vista and Ubuntu laptops are still standing unscathed, we are now opening up the scope of the targets beyond just default installed applications on those laptops; any popular third-party application (as deemed 'popular' by the judges) can now be installed on the laptops for a prize of $5,000 upon a successful compromise."