Mac Developer: Apple's Safari among browsers taken down at Pwn2Own day 2
Apple's Safari among browsers taken down at Pwn2Own day 2: "South Korean security researcher Jung Hoon Lee toppled Safari with a use-after-free vulnerability, according to Threatpost. Lee was then able to bypass Safari's sandbox thanks to an uninitialized stack pointer, with the combined exploits netting him some $50,000 in prize money."
It's unfortunate, but the lazy code of browser-writers penalizes everyone else who must spend months reworking application software to work within the confines of increasingly restrictive security sandboxes.
It's the browser. And apps that thinly wrap the browser (read: Facebook).