Over the past few days, the researchers have been quietly adding new software to the toolkit, used by security researchers and criminals alike. Metasploit already supported Mac attacks, but until recently the Mac code hadn't been as good as Metasploit's Windows and Linux tools, said Dino Dai Zovi, an independent security researcher who talked about the new tools with his collaborator Charlie Miller at the CanSecWest conference Friday. "Our goal was to make Mac OS X a first-class target for Metasploit."

Metasploit is an open-source toolkit that makes it easy for hackers to launch a barrage of attacks against a computer system.

Miller and Dai Zovi earned fame in previous years for hacking Macintosh computers at CanSecWest's annual Pwn2Own hacking contest. On Wednesday, Miller, a researcher with Independent Security Evaluators, won US$5,000 and a Mac laptop by using a previously unknown Safari vulnerability to hack into a Mac system.

The hack was done before contest organizers. In an interview, Miller said he had hoped to demonstrate it before an audience at CanSecWest, but was prevented from doing so because of Pwn2Own contest rules, which prohibit public discussion of bugs exploited in the contest.

Miller and Dai Zovi say their work is designed to bring attention to serious security problems in the Mac platform, which has largely avoided the wide-scale attacks that have plagued Windows for years. Dai Zovi said he considers the Mac safe, but not secure. "There's a difference between safety and security," he said. "It's like leaving your door unlocked. ... Leaving your door unlocked is always insecure, but it may or may not be safe."