PWN to OWN exploit 1 year old
Written by Chris Tangora
Tuesday, 22 April 2008
Turns out the exploit used in the CanSecWest PWN to OWN zero-day hack contest was known for about a year. The bug was rooted in the version of Perl used by Safari. Perl had been aware of it for a year, but Apple never kept up to date with the releases or patches, so the exploit stayed open until last week.
Miller (who won the $10,000 and a MacBook Air) said he was not going to return the prize money, as he found it independently of the documented Perl exploit. This does bring up one of the things that I think Apple does a bad job of: keeping up to date with the versions of open-source software that come standard. PHP and Perl are just a few that lag behind current standards, and this exploit shows that Apple is not interested (right now) in keeping its already installed software patched.
From PCWorld.com via Yahoo News