Safari falls prey to hackers in the Pwn2Own contest, OS X resists "heroically"

  The annual Pwn2Own competition gathers some of the best hackers in the world, who present exploits against the most widely used software programs in the world. In this year's edition, Apple's Safari browser was exploited easily by a team of hackers, who won a $40,000 prize based on the vulnerability used. The group used two separate exploits against Safari: one vulnerability was a heap overflow in WebKit, and the second allowed them to run unsigned code with administrator privileges.

I think the Webkit fix will be relatively easy. The system-level vulnerability is related to how they designed the application; it may be more difficult for them. For Apple, the OS is regarded as very safe and has a very good security architecture. Even if you have a vulnerability, it's very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems.

  Although Safari was exploited with ease, Apple can repair the WebKit vulnerability just as easily, but the one that allows running unsigned code would be much more complicated to fix. The interesting part is that the hackers acknowledged that OS X has a much better security system than competing operating systems: it can be exploited, but the degree of difficulty is much higher than in the case of its direct competitor, Windows- the