At this week's Pwn2Own hacking contest, a group calling itself the Chinese Keen Team successfully used two vulnerabilities to run arbitrary code through Safari, according to ThreatPost
. The exploit is reported to have been executed via a flaw in Safari's WebKit engine and a bypass of the sandboxing in recent versions of OS X. One member of Keen, Liang Chen, comments however that OS X is "regarded as very safe and has a very good security architecture," and that what vulnerabilities there are are "very difficult to exploit."
Representatives from Apple were in attendance at Pwn2Own, and are said
to have been informed of the exploits Keen used. Apple will likely incorporate fixes in the next updates for Safari and/or OS X. Other apps targeted at Pwn2Own events have included Chrome, Firefox, Flash, Adobe Reader, and Internet Explorer. All major web browsers eventually succumbed
during this year's contest.