At the 2011 annual CanSecWest Pwn2Own contest a team from France successfuly hijacked a fully patched version of Mac OS X 64-bit
Within five seconds of surfing to the rigged site,VUPEN co-founder Chaouki Bekrar had successfully launched Apple’s calculator app and had written a file on the disk without crashing the browser.
Bekrar said the vulnerability exists in WebKit, the open-source browser rendering engine
VUPEN won a $15,000 cash prize and an Apple MacBook Air 13″ running Mac OS X Snow Leopard.
Interstingly, on the same day as the challenge Apple released two major security updates for Safari and iOS to fix more than 60 vulnerabilities that could be used to hijack Windows, Mac OS X or iPhone/iPod Touch devices. Apple (like Google and Mozilla) now releases browser updates ahead of Pwn2Own.
More details: