Chinese Security Team Exploits Safari Security Flaw at PWN2OWN

Discussion in 'Mac Blog Discussion' started by MacRumors, Mar 14, 2014.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]
    Every year for the past seven years, hackers have gathered at the annual PWN2OWN event to hack high-profile software and mobile devices using previously unknown vulnerabilities. Apple's Safari browser and iOS platform are often included in the annual contest, which also targets Internet Explorer, Chrome, Firefox, and Adobe's Flash and Reader applications. This year, Safari was taken down on day two by a team of vulnerability researchers and exploit developers from China, reports ThreatPost.

    China's Keen team exploited two vulnerabilities that allowed the team to execute arbitrary code using a Safari WebKit flaw and circumvent Apple's sandbox via an OS X system-level vulnerability. Speaking about the vulnerabilities they found, the Keen team stated that Apple's OS X is difficult to exploit and the operating system overall is very secure.
    Apple representatives attended the contest and were made aware of the security exploits used in the contest. This isn't the first time Safari has been exploited during the contest. In 2011, a team of French security researchers compromised a MacBook by remotely running code within five seconds of contacting the machine.

    Article Link: Chinese Security Team Exploits Safari Security Flaw at PWN2OWN
     
  2. macrumors regular

    Joined:
    Jun 30, 2007
    #2
    Public awareness of security flaws is the best way to ensure the security of our devices. Thank you Chinese security team.
     
  3. macrumors 68040

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #3
    I wonder if the hacker praise is real or just polite words. Hopefully, we will see a Safari update soon.
     
  4. macrumors 68000

    Crosscreek

    Joined:
    Nov 19, 2013
    Location:
    Margarittaville
    #4
    I'm sure the NSA has ways.
     
  5. macrumors 6502

    Joined:
    Jun 8, 2011
    #5
    I'm sure there is professional praise. Plus it's essentially free debug testing for the companies participating.
     
  6. macrumors 68000

    Cuban Missles

    Joined:
    Dec 6, 2012
    Location:
    My heart is in Camagüey, the rest in the USA
    #6
    The article also said the team felt that Safari was more secure than other platforms. I am no expert but it does look like at least one is simple to fix and if I understood correctly you would have to use both to really get control. So if they fix either it would solve the problem.

    Having said all that, if this is the most secure, the others have some really big problems.
     
  7. macrumors 6502a

    Joined:
    Mar 6, 2009
    #7
    I would guess that if the second vulnerability circumvents sandboxing, that it should be the first fix. Webkit vulnerabilities are almost inevitable; that's why sandboxing exists. If sandboxing doesn't catch the threat or is bypassed, that's a greater weakness.
     
  8. macrumors member

    JerryCards

    Joined:
    Nov 20, 2011
    Location:
    Richmond, VA
    #8
    The most secure OS maybe FreeBSD or Linux. MAC OS X evolved from FreeBSD or Unix. OS X contains indecent number of vulnerabilities, but, still can be considered relatively safe.
     
  9. macrumors 68000

    Silencio

    Joined:
    Jul 18, 2002
    Location:
    NYC
    #9
    I think you mean OpenBSD, which has a greater focus on security. Mac OS X is based on FreeBSD.
     
  10. macrumors 601

    Joined:
    Oct 14, 2008
    #10
    Which one of thousand existing Linux distributives are you talking about? Linux is not an OS, its a kernel - and this is the reason why Linux is not even considered at PWN2OWN. The kernel is usually quite secure, its the software stack on its top that has vulnerabilities.
     
  11. macrumors regular

    Joined:
    Oct 15, 2008
    #11
    Indeed. And with the average GUI linux install being anywhere between 3~10 GB on disk, with the kernel only making up ~100MB of that, there is a lot of software stack to go around.

    Karl P
     
  12. macrumors 65816

    Joined:
    Apr 16, 2004
    Location:
    Drifting through space in a broken escape pod
    #12
    Obviously it's better to see these exploits happen at PWN2OWN than have them suddenly spring up in the wild. Apple and other companies attend events like this in order to quickly fix any problems that are demonstrated.
     
  13. laurihoefs, Mar 14, 2014
    Last edited: Mar 17, 2014

    macrumors 6502a

    laurihoefs

    Joined:
    Mar 1, 2013
    Location:
    Korpi
    #13
    Yes it is, indeed.

    We do not know if the security team in question are the first ones to discover this vulnerability, so someone might have already attempted to exploit it, and even succeeded. Now that information about the flaw is out in the open all affected parties are aware of the issue, and can start working to get it fixed. No-one has to rely on security-by-obscurity.

    Sincerely: Thank you team Keen.
     
  14. macrumors 65816

    VanillaCracker

    Joined:
    Apr 11, 2013
    Location:
    Washington D.C.
    #14
    Yeahhhh :D
     
  15. macrumors member

    JerryCards

    Joined:
    Nov 20, 2011
    Location:
    Richmond, VA
    #15
    Most major distributions of linux should be pretty secure. Like Ubuntu, Linux mint (based on Ubuntu) , Fedora. openSUSE. Yes, wrong configuration of any OS will make it vulnerable to attack.

     
  16. macrumors 601

    Joined:
    Oct 14, 2008
    #16
    What do you base this on? There have been three exploits of Firefox presented at this PWN2OWN - why do you think Firefox would be more secure under Linux than under Windows?
     
  17. macrumors 6502a

    Truffy

    Joined:
    May 9, 2005
    Location:
    somewhere outside your window...
    #17
    Strictly speaking, they only said that OS X was relatively secure, in the OP at least they didn't make any mention of Safari's security status.
    Oh come on, let's give proper recognition. The team name (Keen) is given in the OP.
     
  18. macrumors 68020

    Solomani

    Joined:
    Sep 25, 2012
    #18
    This is the best point regarding this news. The fact that Apple sent reps to the conference, they were standing by ready to learn of any uncovered security flaws on Apple's own browser. Hopefully it leads to Apple to plugging those holes in a timely manner.

    Good.
     
  19. macrumors 6502

    Joined:
    Dec 12, 2008
    #19
    I'm getting tired of Safari and it's problems with certain websites and incompatibility.
    Why doesn't Apple switch to a more compatible platform already?
     
  20. macrumors member

    Joined:
    Mar 3, 2014
    #20
    Because user-land is separate from core, programs are in /usr/bin and important stuff in /etc. because you breach user-land you don't breach the core of the system. This is thing that is not true about OS X there are ways to block user-land too but..

    Linux's fragmentation will make it inherently more secure.
     
  21. macrumors 601

    Joined:
    Oct 14, 2008
    #21
    What difference does the filesystem layout make in this case? If you are able to get control of a browser, you gain permissions of the user which has launched the browser. This is often enough to wreck havoc on the system, like reading/deleting user files etc. Starting with Vista, the permission system of Windows works quite similar to those of OS X or, say, Ubuntu.

    BTW, the filesystem organisation is one reason why I tend to stay away from Linux. Its really difficult to manage software it it puts itself all over the file tree. OS X with its bundle system is the best solution I have seen so far.
     
  22. macrumors member

    Joined:
    Mar 3, 2014
    #22
    It doesn't put everything all over the file tree it puts data on two places just like OS X and none of it is in root like OS X. If you exploit a user you exploited that user not the system, systems like Ubuntu don't even create a root user that could exploit the whole system.
     
  23. macrumors 601

    Joined:
    Oct 14, 2008
    #23
    OS X applications are usually a bundle, which is one single folder. Under Unix, the application files are usually scattered somewhere within \usr\local or wherever. I have no idea what you mean by 'in root', it doesn't make any sense to me. And - every Linux has a root user. Under Ubuntu, just like under OS X or Windows, the user with admin rights can temporally get root privileges by using user elevation.
     
  24. macrumors newbie

    Joined:
    Apr 25, 2011
    #24
    Looks like China's Keen team found NSA's back door :D
     
  25. macrumors regular

    Joined:
    Jan 7, 2003
    Location:
    Sydney, Australia
    #25

Share This Page