Now, as it is, you could still do a lot of damage (deleting the users home directory) from getting control of a user level process, but Snow Leopard – correctly comparable with Windows 7 – implements the process sandboxing introduced in Leopard – which would significantly reduce the damage that could be done.

“But Miller, who regularly roots out Mac and iPhone vulnerabilities and is perhaps best-known for walking away with a $10,000 prize for hacking a MacBook Air laptop in under two minutes last March, pooh-poohed Apple’s recommendation using the same logic as many longtime users.

“Windows has 90% of the market, but [attackers] give it 100% of their time,” he said, echoing the idea that hackers target the largest pool of victims.

Criticizing security software for its cost — both in dollars and in the processor cycles it consumes — Miller admitted that he doesn’t bother running any on his Macs. “I don’t think it protects me as well as it says,” he argued. “If I was worried about attacks, I would use it, but I’m not worried.”

What version of Safari was used???

I find it very hard to believe that as the reports suggest, he had “full control of the machine” in a few seconds, because you need sudo access to have full control over the entire machine, as opposed to merely taking control of the account. Sure, it may have been running under an administrator account (not wise online, that’s for sure!), but certain actions still require entering the administrator’s password to accomplish, but the coverage doesn’t cover things that deeply, though at least it did mention that the guy stated he practiced the exploit until he was 100% sure it’d work every time: again, it was really a contest to show what I stated above, with typing speed being a paramount differentiator. It wouldn’t even matter which platform: the one that’s hit first with the fastest typist that has a known-good exploit will likely go down first.