It appears that most of these attacks relied on exploiting the unfortunate design of C, which makes manual memory management the default and safe, managed memory the special case. It should be the reverse. Speed will always matter, but you don't have to use risky, manual memory mgt everywhere to get speed; you just need it in the few spots where it makes a difference.<p>In the majority of places in your code, manual memory management gives you no benefit but does expose you to a possible vulnerability if you make a mistake. If the default, lazy option were to let the well-tested runtime do the job for you, yet you could do a little extra work and get manual override wherever you wanted, and manual override everywhere brought you essentially back to C, I think we would have much safer code without a noticeable loss of performance.<p>Edit: I just realized in the shower that I was saying "memory management" when I meant direct "memory manipulation" more generally. I'm including arrays accessed by memory address rather than by bounds-checked index, pointer arithmetic, etc., not just malloc and free.
Looks like day 2 happened already and had some pretty good exploits:<p><a href="http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/" rel="nofollow">http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-...</a>
<i>At Pwn4Fun, Google delivered a very impressive exploit against Apple Safari launching Calculator as root on Mac OS X.</i><p>I'll bet it was ocspd they exploited. The CRL handling code in libsecurity is awful, and ocspd runs as root without a sandbox profile.
What this shows is that if you are using a machine connected to the internet, assume you have been rooted. If you are paranoid, do all of your surfing in a VM over Tor and reset that VM state after every launch.