Analyst Uncovers 20 Security-related Flaws in Safari

Charlie Miller, founder of Independent Security Evaluators, claims to have found 20 flaws in Safari and Preview that could potentially let a hacker gain control over someone’s Mac, and he plans to show off his findings at the CanSecWest security conference starting on March 24, according to Forbes. Mr. Miller is known for hacking Macs in the conference’s annual Pwn2Own competition.

The flaws are security holes in Preview’s PDF rendering engine, which is also used in the Safari Web browser, and they are exploited with a specially crafted PDF document. An attacker could include such a PDF in a Web site to crash Safari and potentially gain access to the user’s Mac.

Mr. Miller isn’t revealing the flaws or how they work just yet — not even to Apple. He’ll likely use what he’s discovered during this year’s Pwn2Own competition, and he’s also considering keeping his research from Apple to see how long it takes the company to find and patch the flaws.

“The moral of the story is that if Apple wants to keep its products secure, it needs to be doing what I’m doing,” he said. “I’m one guy working out of my house. I shouldn’t be able to find bugs like these, ever.”