Miller had a different vulnerability in his pocket that he would have used to hack Safari at Pwn2Own had he drawn a higher spot in that part of the contest. But a team from the French security company Vupen, which had the first crack, broke Safari and hijacked a MacBook Air to win the $15,000 prize with a different bug.
The second day of Pwn2Own, Miller and Blazakis exploited the QuickLook bug in iOS and walked off with their own check for $15,000.
HP TippingPoint's Zero Day Initiative (ZDI) bug bounty program sponsored Pwn2Own and paid out the cash prizes. TippingPoint purchases vulnerabilities and exploits used at the contest, then reports them to vendors. It gives companies six months to patch a flaw before going public with any technical information.
The update to Mac OS X 10.6.7 fixed several non-security bugs, including issues in the AirPort Wi-Fi driver, and offered numerous enhancements, such as a reliability improvement to MobileMe's Back to Mac remote access technology.
Users of new MacBook Pro notebooks also received a fix that Apple said would "improve graphics stability and external display compatibility" in the laptops, Apple's first to boast processors from Intel's new Sandy Bridge line.
Apple's support forum has been flooded with complaints that the new MacBook Pros lock up when stressed by graphics processing chores.
Mac OS X 10.6.7 and the separate 2011-001 security update for Leopard can be downloaded at the Apple site or installed using the operating system's integrated update service.
The update downloads weigh in between 241MB and 475MB for the client versions of Snow Leopard and Leopard.
Sign up for Computerworld eNewsletters.