Charlie Miller said he will reveal 30 security flaws he found with Apple’s Preview application at the CanSecWest security conference. Twenty of the flaws were found in the way Apple’s Preview app handles PDF documents. Unfortunately, because Safari uses the same code, he says a computer can be hacked using a malicious Web page too. Miller will demonstrate the flaws, but hasn’t decided whether or not to tell Apple.
He’s also considering keeping the details of his bugs secret and watching to see how long it takes the software vendors to patch them after his Vancouver talk. While that would leave users vulnerable to the secret vulnerabilities he’s found, Miller says it could also help reveal more about just what software companies are doing–or not doing–to patch their products’ flaws.