Hacker plans to reveal 30 Apple security flaws

Charlie Miller said he will reveal 30 security flaws he found with Apple’s Preview application at the CanSecWest security conference. Twenty of the flaws were found in the way Apple’s Preview app handles PDF documents. Unfortunately, because Safari uses the same code, he says a computer can be hacked using a malicious Web page too. Miller will demonstrate the flaws, but hasn’t decided whether or not to tell Apple.

He’s also considering keeping the details of his bugs secret and watching to see how long it takes the software vendors to patch them after his Vancouver talk. While that would leave users vulnerable to the secret vulnerabilities he’s found, Miller says it could also help reveal more about just what software companies are doing–or not doing–to patch their products’ flaws.

Researcher Will Expose 20 Hackable Apple Security Flaws [Forbes]



  • LogarithmicPig

    Charlie Miller, the Barney Fife of computer security.

  • Eric

    This guy is an attention-grabbing scumbag. His grandstanding trick this year? Maybe he won't tell vendors of the vulnerabilities. (They probably have people at the event.) I wonder what attention-grabbing trick he'll use next year to keep people's attention on himself?

  • http://intensedebate.com/people/khaled_a khaled_a

    He didn't notify Apple? So much for white hat hackers.

  • Perry Clease

    "Charlie Miller, the Barney Fife of computer security."

    Well, he is probably quite competent, but I am with Eric in thinking that he is an attention whore. Find the flaws, tell Apple in confidence and then feel good about yourself because you did the noble thing. Have you all noticed that in the recent Apple Security updates they gave credit to the people and organizations that found the holes that were fixed?

  • LogarithmicPig

    Charlie Miller's the Barney Fife of computer security, because he has an over-developed sense of self-importance.

  • James

    In the past, I've defended this guy because he was mostly responsible. It sounds like he has decided that a small bit of fame (infamy) is more important than his reputation now. That's pretty sad.

    • http://twitter.com/tewha @tewha

      Responsible? He takes his payments at contests rather than malware, but I can't help but wonder if that's just because the contests pay better on the Mac.

  • Mike

    I thought Macs were secure?

  • http://twitter.com/Moeskido @Moeskido

    How many free computers has this guy won at security "conferences"?

  • http://intensedebate.com/people/jdalrymple Jim Dalrymple

    LOL!