TippingPoint's Peter Vreugdenhil said the browsers were "frozen" two weeks before today's tip-off with the then-current versions of Safari, 's Chrome 9, 's IE8 and Mozilla's Firefox 3.6, to give researchers a stationary target.

"Exploit development does sometimes rely on certain versions and that is the reason we have frozen the devices," Vreugdenhil said in an e-mail today.

But the Safari patches still had a part to play in Vupen winning. If the vulnerability used by Vupen to hack Safari had been fixed in 5.0.4, TippingPoint would not have awarded the $15,000 prize.

Instead, the money would have gone to the first researcher who exploited the "frozen" version of Safari -- 5.0.3 was on the MacBook Air -- using a bug still present in today's update.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at or subscribe to . His e-mail address is .