Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 5, 2013, 08:00 AM   #151
coolspot18
macrumors 6502a
 
Join Date: Aug 2010
[QUOTE=gnasher729;16789381
And that's total nonsense. This is a bug that is very, very hard to detect. Mountain Lion has been shipping for many months without anyone complaining. It is entirely possible that the same kind of problem exists on Windows, except nobody found it.[/QUOTE]

No it's not - I can't recall the last time Windows can be crashed by merely typing a string. Considering this error is thrown by an assertion within the DataDetector, some programmer thought that this scenario could possibly occur.
coolspot18 is offline   0 Reply With Quote
Old Feb 5, 2013, 08:17 AM   #152
Bubba Satori
macrumors 68040
 
Bubba Satori's Avatar
 
Join Date: Feb 2008
Location: B'ham
Quote:
Originally Posted by gnasher729 View Post
Mountain Lion has been shipping for many months without anyone complaining.
It is entirely possible that the same kind of problem exists on Windows, except nobody found it.
First Prize.

Congrats.
Bubba Satori is offline   1 Reply With Quote
Old Feb 5, 2013, 08:24 AM   #153
SlCKB0Y
macrumors 68020
 
Join Date: Feb 2012
Location: Sydney, Australia
Quote:
Originally Posted by gnasher729 View Post
Once it's crashed, it's crashed, and it is impossible to do any harm. In this particular situation, the bug that is there will _always_ crash the application, so it cannot be exploited. In other cases, if a hacker finds a way to crash an app, he or she can then try to find a way to make the app do things the hacker wants it to do instead of crashing. There may be a way to do this, or there may not.
In plenty of instances the point of the exploit is to crash whatever service you're targeting with the object being that you (or your script/software) gets dropped in a terminal without requiring any authentication. Once this occurs you are free to run commands from the terminal with the same privilege level that the service was previously running with.

Last edited by SlCKB0Y; Feb 5, 2013 at 08:32 AM.
SlCKB0Y is offline   0 Reply With Quote
Old Feb 5, 2013, 09:48 AM   #154
msandersen
macrumors regular
 
Join Date: Jan 2003
Location: Sydney, Australia
Send a message via AIM to msandersen
My smartass brother sent this to me via iMessage, I heard my phone so tried opening Messenger on the Macbook. Crash. Left it at that as I was busy anyway. Later he rang and asked if I'd opened the message. Oh great! I could sense him grinning, and I knew what had happened. The iPhone can show it, so no data detector or whatever is causing it there. I turned on the iMac and checked Messages, and it crashed as soon as I opened it. Thanks a lot brother-of-mine!
Well at least it backfired on him, as his messages also crashes now, as it shows the history on opening, so he's asking ME how to fix it!

I looked through this forum, and tried the suggestion of deleting the message on the iPhone for syncing, and then deleting
~/Library/Messages/Archive/[date]/[log] on the Macbook.

Didn't work.

Checking on my iMac, there was no log for that day; Messages had crashed as it synced before logging it.
I tried the suggestion with Autocorrect, makes no difference.

Since there was no log on the iMac, it had to be somewhere else, so I backed up and opened ~/Library/Messages/chat.db in Textwrangler. There was several occurrences of the string, so I did a search and replace on File: to file:

That did it.

Messages now works again on the iMac. Time to check on the Macbook.

Well, it didn't like me writing to the chat.db, apparently in use. I let it slide for a bit. By the time I got back to it, it was after midnight, and hence the next day, and the offending code wasn't showing in the chat window anyway, so Messages worked again.

The moral: Be wary of smartass brothers.
__________________
People who are willing to give up freedom for the sake of short term
security, deserve neither freedom nor security.
-Benjamin Franklin
msandersen is offline   2 Reply With Quote
Old Feb 5, 2013, 09:51 AM   #155
MacToddB
macrumors 6502a
 
MacToddB's Avatar
 
Join Date: Aug 2007
Location: Rochester, NY
Quote:
Originally Posted by ConCat View Post
I don't think that's related to this.
It keeps happening to me when I try to update Xcode (1.6gb) on multiple macs, too.
__________________
Ringtone Director TALKING CallerID Ringtones in 50+ TTS Voices even Siri!
Ringtones Uncensored voted Best Ringtone App @About.com!
AutoVerbal Talking Soundboard for kids w/Autism & Non-Verbal users!
MacToddB is offline   0 Reply With Quote
Old Feb 5, 2013, 11:05 AM   #156
KnightWRX
macrumors Pentium
 
KnightWRX's Avatar
 
Join Date: Jan 2009
Location: Quebec, Canada
Quote:
Originally Posted by coolspot18 View Post
No it's not - I can't recall the last time Windows can be crashed by merely typing a string.
That's cool, since this isn't crashing OS X either. Just the running app.

Quote:
Originally Posted by coolspot18 View Post
Considering this error is thrown by an assertion within the DataDetector, some programmer thought that this scenario could possibly occur.
No actually, it's quite the opposite. It's probably a condition no programmer ever thought could happen.

IE, a protocol (file) that exists, but using a different case. Has anyone tried to replicate this with fIle:/// fiLe:/// or filE:/// ? This is probably related to some part of the framework doing case insentitive searches passing unmodified strings to a part of the framework doing case sensitive operations. Results in the "Found the protocol! try to do stuff... Can't do that on an unexisting protocol!".

The programmer probably thought : "protocol either is registered or not, anything else is an exception" with a nice "/* We should never get here */"
__________________
"What you leave behind is not what is engraved in stone monuments, but what is woven into the lives of others."
-- Pericles
KnightWRX is offline   2 Reply With Quote
Old Feb 5, 2013, 11:17 AM   #157
KnightWRX
macrumors Pentium
 
KnightWRX's Avatar
 
Join Date: Jan 2009
Location: Quebec, Canada
Quote:
Originally Posted by SlCKB0Y View Post
In plenty of instances the point of the exploit is to crash whatever service you're targeting with the object being that you (or your script/software) gets dropped in a terminal without requiring any authentication. Once this occurs you are free to run commands from the terminal with the same privilege level that the service was previously running with.
Hum... that's now how it works. Crashing an app crashes the app, it doesn't give you a terminal that's running under the user's priviledges.

I think you need to read up on what transforming a crash bug into an exploit entails, it's much more complicated that you seem to think.

I suggest this fine article : Smashing The Stack For Fun And Profit
__________________
"What you leave behind is not what is engraved in stone monuments, but what is woven into the lives of others."
-- Pericles
KnightWRX is offline   0 Reply With Quote
Old Feb 5, 2013, 12:21 PM   #158
LV426
macrumors 6502
 
Join Date: Jan 2013
Quote:
Originally Posted by coolspot18 View Post
No it's not - I can't recall the last time Windows can be crashed by merely typing a string. Considering this error is thrown by an assertion within the DataDetector, some programmer thought that this scenario could possibly occur.
It's not so many years ago when you could visit a website hosted on a Windows server, and type an address ending ::$DATA. Instead of the web page, you'd often get the source script that generates the page instead, sometimes complete with database user names and passwords if the programmer had been exceptionally careless. A hacker's friend indeed.
LV426 is offline   0 Reply With Quote
Old Feb 5, 2013, 12:24 PM   #159
chrfr
macrumors 68020
 
Join Date: Jul 2009
Quote:
Originally Posted by KnightWRX View Post
Hum... that's now how it works. Crashing an app crashes the app, it doesn't give you a terminal that's running under the user's priviledges.
Regardless, this is a denial of service vulnerability that needs to be fixed.
chrfr is offline   0 Reply With Quote
Old Feb 5, 2013, 12:27 PM   #160
Peace
macrumors P6
 
Join Date: Apr 2005
Location: Space--The ONLY Frontier
Quote:
Originally Posted by chrfr View Post
Regardless, this is a denial of service vulnerability that needs to be fixed.
How so ? Once the app crashes it can't be re-opened by any remote computer.

That's sort of how a DDOS works. You need to have the website open to work.

Once it's closed the DDOS is no longer useful.
Peace is offline   0 Reply With Quote
Old Feb 5, 2013, 12:40 PM   #161
chrfr
macrumors 68020
 
Join Date: Jul 2009
Quote:
Originally Posted by Peace View Post
That's sort of how a DDOS works. You need to have the website open to work.
Not a DDOS. Denial of service means that the user can't use the application as intended. If someone can send you a message that crashes your Messages app, that's a DOS.
chrfr is offline   0 Reply With Quote
Old Feb 5, 2013, 01:17 PM   #162
gnasher729
macrumors G5
 
gnasher729's Avatar
 
Join Date: Nov 2005
Quote:
Originally Posted by SlCKB0Y View Post
In plenty of instances the point of the exploit is to crash whatever service you're targeting with the object being that you (or your script/software) gets dropped in a terminal without requiring any authentication. Once this occurs you are free to run commands from the terminal with the same privilege level that the service was previously running with.
In MacOS X, you don't get dropped into any terminal. Please tell me where that kind of exploit would work in this century, and I'll tell me what kind of OS to avoid.

----------

Quote:
Originally Posted by coolspot18 View Post
No it's not - I can't recall the last time Windows can be crashed by merely typing a string. Considering this error is thrown by an assertion within the DataDetector, some programmer thought that this scenario could possibly occur.
You never heard of it on Windows. You never heard of it on a Mac before last week. And if you look at the crash dump, a programmer thought that his code _might_ be given a url that isn't a file url (always good to be careful), and got the test badly wrong. Bugs happen.

----------

Quote:
Originally Posted by msandersen View Post
My smartass brother sent this to me via iMessage, I heard my phone so tried opening Messenger on the Macbook. Crash. Left it at that as I was busy anyway. Later he rang and asked if I'd opened the message. Oh great! I could sense him grinning, and I knew what had happened. The iPhone can show it, so no data detector or whatever is causing it there. I turned on the iMac and checked Messages, and it crashed as soon as I opened it. Thanks a lot brother-of-mine!
You should introduce your brother to the concept of corporal punishment. Or accidentally drop his phone into a bucket of water. Or something like that. And according to one US prosecutor, what he did is a federal crime punishable with up to five years in jail.
gnasher729 is offline   0 Reply With Quote
Old Feb 5, 2013, 01:52 PM   #163
KnightWRX
macrumors Pentium
 
KnightWRX's Avatar
 
Join Date: Jan 2009
Location: Quebec, Canada
Quote:
Originally Posted by chrfr View Post
Regardless, this is a denial of service vulnerability that needs to be fixed.
I actually stated that earlier. Yes, this is a bug that can be successfully exploited to cause a DoS.

----------

Quote:
Originally Posted by Peace View Post
How so ? Once the app crashes it can't be re-opened by any remote computer.

That's sort of how a DDOS works. You need to have the website open to work.

Once it's closed the DDOS is no longer useful.
DDOS = Distributed Denial of Service
DOS = Denial of Service.

The more you know.

This is a DoS bug. The user can be denied the service received by is application. Websites ? That has nothing to do with DoS.
__________________
"What you leave behind is not what is engraved in stone monuments, but what is woven into the lives of others."
-- Pericles
KnightWRX is offline   0 Reply With Quote
Old Feb 5, 2013, 02:13 PM   #164
chrfr
macrumors 68020
 
Join Date: Jul 2009
Quote:
Originally Posted by KnightWRX View Post
I actually stated that earlier. Yes, this is a bug that can be successfully exploited to cause a DoS.
I've even done it myself a couple times by accident replying to threads. I hope this gets fixed soon.
chrfr is offline   0 Reply With Quote
Old Feb 5, 2013, 02:15 PM   #165
Peace
macrumors P6
 
Join Date: Apr 2005
Location: Space--The ONLY Frontier
Quote:
Originally Posted by KnightWRX View Post
I actually stated that earlier. Yes, this is a bug that can be successfully exploited to cause a DoS.

----------



DDOS = Distributed Denial of Service
DOS = Denial of Service.

The more you know.

This is a DoS bug. The user can be denied the service received by is application. Websites ? That has nothing to do with DoS.
http://en.wikipedia.org/wiki/Denial_of_service

"In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.[1]
One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
Denial-of-service attacks are considered violations of the IAB's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations."


--------

This bug is not a DOS.
Peace is offline   0 Reply With Quote
Old Feb 5, 2013, 02:19 PM   #166
KnightWRX
macrumors Pentium
 
KnightWRX's Avatar
 
Join Date: Jan 2009
Location: Quebec, Canada
Quote:
Originally Posted by Peace View Post
This bug is not a DOS.
Yes, even your wikipedia entry is clear :

Quote:
to make a machine or network resource unavailable to its intended users.
If I send you a iMessage with File:/// as the contents, your iMessage application will crash. It's thus unavaible to you.

This is a bug that can result in a DoS exploit if you want to be a nitpicker. Any crash bug is, since the exploit is simply triggering the crash condition, repeatedly if necessary.
__________________
"What you leave behind is not what is engraved in stone monuments, but what is woven into the lives of others."
-- Pericles
KnightWRX is offline   0 Reply With Quote
Old Feb 5, 2013, 02:57 PM   #167
coolspot18
macrumors 6502a
 
Join Date: Aug 2010
Quote:
Originally Posted by LV426 View Post
It's not so many years ago when you could visit a website hosted on a Windows server, and type an address ending ::$DATA. Instead of the web page, you'd often get the source script that generates the page instead, sometimes complete with database user names and passwords if the programmer had been exceptionally careless. A hacker's friend indeed.
That was almost a decade ago ... And even by then, the majority of developers had already switched over to ASP.NET, only the most old-school, outdated, or under qualified programmers used classic ASP for their development.

In anycase, I'm surprised Apple hasn't been more proactive in launching a hot fix to patch the issue.

----------

Quote:
Originally Posted by gnasher729 View Post
You never heard of it on Windows. You never heard of it on a Mac before last week. And if you look at the crash dump, a programmer thought that his code _might_ be given a url that isn't a file url (always good to be careful), and got the test badly wrong. Bugs happen.
Yes, my point exactly, so I'm surprised it was not part of an automated test case (since it was a "known" test condition?)
coolspot18 is offline   0 Reply With Quote
Old Feb 5, 2013, 03:12 PM   #168
chrfr
macrumors 68020
 
Join Date: Jul 2009
Quote:
Originally Posted by coolspot18 View Post
In anycase, I'm surprised Apple hasn't been more proactive in launching a hot fix to patch the issue.
Likely that it's because 10.8.3 is late in development, so it'll probably be rolled into that.
chrfr is offline   0 Reply With Quote
Old Feb 5, 2013, 03:14 PM   #169
Peace
macrumors P6
 
Join Date: Apr 2005
Location: Space--The ONLY Frontier
Quote:
Originally Posted by chrfr View Post
Likely that it's because 10.8.3 is late in development, so it'll probably be rolled into that.
Well I know they are actively working on it. I got an email from engineers about it.
Peace is offline   0 Reply With Quote
Old Feb 5, 2013, 06:27 PM   #170
manu chao
macrumors 68020
 
Join Date: Jul 2003
Quote:
Originally Posted by KnightWRX View Post
Yes, even your wikipedia entry is clear :



If I send you a iMessage with File:/// as the contents, your iMessage application will crash. It's thus unavaible to you.

This is a bug that can result in a DoS exploit if you want to be a nitpicker. Any crash bug is, since the exploit is simply triggering the crash condition, repeatedly if necessary.
The conventional meaning of DOS is that a resource hosted in some central location is made inaccessible for its normal users. If you consider everything that stops something from working to be a DOS any kind of sabotage would be a DOS. If I cut your electricity supply, or if I torch your house, it would be a DOS attack with your definition.

If I break the leg of your maid, I also deny you access to a service. Is this also a DOS attack?
manu chao is offline   0 Reply With Quote
Old Feb 5, 2013, 09:20 PM   #171
knapkin
macrumors member
 
Join Date: Oct 2005
Quote:
Originally Posted by KnightWRX View Post
It's probably a condition no programmer ever thought could happen.

IE, a protocol (file) that exists, but using a different case. Has anyone tried to replicate this with fIle:/// fiLe:/// or filE:/// ? This is probably related to some part of the framework doing case insentitive searches passing unmodified strings to a part of the framework doing case sensitive operations. Results in the "Found the protocol! try to do stuff... Can't do that on an unexisting protocol!".

The programmer probably thought : "protocol either is registered or not, anything else is an exception" with a nice "/* We should never get here */"
That was a very good insight! Those crashed my safari (somehow the quote function has not). I would guess you have guessed the bug (or did I miss the story that explains the problem).
knapkin is offline   0 Reply With Quote
Old Feb 6, 2013, 12:51 AM   #172
Tech198
macrumors 68040
 
Join Date: Mar 2011
Location: Australia, Perth
ok ok......I keep typing this is mail, which is annoying when i've just written a long message.. One solution is to surround it by ' '

FYI.. you know if you do this in Firefox, you see your own directory in your web browser ftp style

Tip :- You can disable this by going to System Preferences >> Language and Text , disabling both "Use symbol and text substitution" and "Correct spelling automatically" in the Text tab will prevent the bug from occurring (at a cost from not being able to spell correctly ....)

Doesn't work in all cases.
__________________
13" MBPR, i5, 256Gig SDD, 8 Gig Ram, Apple TV, iPhone 5S 16Gig, iPad 16Gig, Mac Mini 2.3Ghz i7, 1TB HD
"There are no stupid questions, just stupid people."

Last edited by Tech198; Feb 6, 2013 at 01:36 AM.
Tech198 is offline   0 Reply With Quote
Old Feb 6, 2013, 03:46 AM   #173
KnightWRX
macrumors Pentium
 
KnightWRX's Avatar
 
Join Date: Jan 2009
Location: Quebec, Canada
Quote:
Originally Posted by knapkin View Post
That was a very good insight! Those crashed my safari (somehow the quote function has not). I would guess you have guessed the bug (or did I miss the story that explains the problem).
No, I've been programming for quite a few years
__________________
"What you leave behind is not what is engraved in stone monuments, but what is woven into the lives of others."
-- Pericles
KnightWRX is offline   0 Reply With Quote
Old Feb 6, 2013, 04:22 AM   #174
Tech198
macrumors 68040
 
Join Date: Mar 2011
Location: Australia, Perth
Whatever you do, do NOT do this as a Logon Message ;p. i just tryed this to 'see', and it constantly cycled the logon screen. . Yep. It worked, but now i'm locked out.


I have to restore.

Good idea though for revenge, or a present to somene on a new mac
__________________
13" MBPR, i5, 256Gig SDD, 8 Gig Ram, Apple TV, iPhone 5S 16Gig, iPad 16Gig, Mac Mini 2.3Ghz i7, 1TB HD
"There are no stupid questions, just stupid people."

Last edited by Tech198; Feb 6, 2013 at 04:47 AM.
Tech198 is offline   0 Reply With Quote
Old Feb 6, 2013, 07:44 AM   #175
coolspot18
macrumors 6502a
 
Join Date: Aug 2010
Quote:
Originally Posted by Tech198 View Post
Whatever you do, do NOT do this as a Logon Message ;p. i just tryed this to 'see', and it constantly cycled the logon screen. . Yep. It worked, but now i'm locked out.
Great idea... let's try it at the Apple Store, perhaps that will get more attention for the bug and promote better code quality in OSX.
coolspot18 is offline   4 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Mountain Lion - Notes app crashing. PLEASE HELP mlance17 OS X 0 Nov 6, 2012 07:14 AM
EyeTV crashing with Mountain Lion Ryno88 Apple TV and Home Theater 4 Nov 2, 2012 06:55 AM
Mountain Lion Crashing - How to Troubleshoot? lukekarts OS X 10.8 Mountain Lion 2 Aug 6, 2012 12:24 PM
Found a Mountain Lion Mail app bug Murgatroyd OS X 10.8 Mountain Lion 3 Aug 3, 2012 07:12 PM
Mountain Lion - crashing after a day Galaxy Bound OS X 10.8 Mountain Lion 0 Jul 27, 2012 09:43 PM

Forum Jump

All times are GMT -5. The time now is 05:59 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC