
MacBytes (macrumors bot), original poster, Jul 5, 2003

Category: News and Press Releases
Link: 20 critical Apple vulnerabilities to be revealed
Description: Charlie Miller, the security researcher renowned for hacking Apple products during many a hacking competition, will be making public (at the CanSecWest security conference later this month) his latest research, through which, he claims, he was able to find some 30 critical flaws in commonly used software.

Posted on MacBytes.com
Approved by Mudbug
 
...security flaws that are only accessible by inserting a 3rd-party USB device, installing a 3rd-party KEXT and then opening a ridiculously complex "special" PNG file that must be opened via the command line using 'sudo', right?
 
Charlie Miller, the security researcher renowned for hacking Apple products during many a hacking competition, will be making public (at the CanSecWest security conference later this month) his latest research, through which, he claims, he was able to find some 30 critical flaws in commonly used software.

Having hacked the MacBook Air and the Safari browser in the past, he might seem bent on making Apple look bad, but his research encompassed testing of software from different vendors: Adobe Reader, Apple Preview, Microsoft PowerPoint and Oracle's OpenOffice.

Using a simple Python script to fuzz-test the applications, he discovered more than 1,000 ways to crash them. Of that number, 30 bugs allowed him to hijack the programs. And of those 30, 20 were found in Apple's Preview.

He says that he was surprised to find so many bugs, since the only thing required for this kind of testing is some knowledge and a lot of patience; the script was running against the programs for 3 weeks. "It's shocking that Apple didn't do this first," said Miller in an interview with Forbes.

The results are even more surprising when one considers that Adobe Reader was also tested. One of Adobe's most widely used products, Reader is considered to be one of the most flawed applications out there, and its vulnerabilities are regularly exploited by cyber criminals.

Miller is still considering what to do with his discovery. He still hasn't revealed the details of the bugs to Apple or to the other vendors, and is thinking about not doing it at all, but keeping them secret and checking occasionally if they have been fixed. This way, we could all definitely know which vendors are serious about security - and which are not.

1) The security flaws have been widely exploited :rolleyes:
2) I've got a secret and I'm not tellin' :rolleyes::rolleyes:
 
Um if he doesn't tell Apple about them, how can he honestly expect them to fix them? If they don't know it's broke they can't patch it... Maybe he has come up with a way to attack that nobody at Apple has thought of to test to find such bugs internally...

Until such claims are presented either to the company at fault or open to the public for verification, I call BS.
 
Wow 30 exploits, so many, not like some other popular systems that have what ... how many...??
 
Um if he doesn't tell Apple about them, how can he honestly expect them to fix them? If they don't know it's broke they can't patch it... Maybe he has come up with a way to attack that nobody at Apple has thought of to test to find such bugs internally...

Until such claims are presented either to the company at fault or open to the public for verification, I call BS.

Even if it’s not all BS, he’s still not behaving like a responsible security researcher, but like an insecure person (no pun intended) who craves attention.

Maybe he should make a list of companies whose code base is so small that it's either bug-free, or that any bug can be found without even knowing what it is. (This list would be zero companies long.)
 
Um if he doesn't tell Apple about them, how can he honestly expect them to fix them? If they don't know it's broke they can't patch it... Maybe he has come up with a way to attack that nobody at Apple has thought of to test to find such bugs internally...

Until such claims are presented either to the company at fault or open to the public for verification, I call BS.

He's not doing anything special, he just feeds crap/out-of-spec params to applications and waits for them to crash because of memory corruption. He also looks for security problems in open source projects that Apple uses and checks if Apple devs are dragging their feet on the bug fixing.
Apple could have an army of people like him looking for vulnerabilities/reviewing code.
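The article above only says that Miller used "a simple Python script" to fuzz-test the applications, found over 1,000 crashes and boiled them down to 30 hijackable bugs, and the reply above describes the same thing as feeding out-of-spec input and waiting for crashes. What neither spells out is the part that turns 1,000 crashes into 30 bugs: bucketing. The script below is an added example, not Miller's script and not code from the article. It builds a tiny valid PNG as a seed, mutates it with the usual dumb-fuzzing operators (bit flip, boundary value, truncation, insertion), runs each mutant through a constructed toy PNG reader whose flaws were written for this demo (they are not Preview's and do not correspond to anything Miller reported), and groups the resulting crashes by exception type plus faulting line, the cheap analogue of hashing a native stack trace. `ParseError` stands in for an application cleanly rejecting a damaged file; any other exception stands in for a SIGSEGV-style crash.

```python
"""Mutation fuzzer with crash bucketing. Target is a constructed toy PNG reader."""
import random
import struct
import traceback
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_PIXELS = 1 << 20           # the toy parser's own sanity cap, keeps fuzzing cheap
INTERESTING = (0, 1, 0x7F, 0x80, 0xFF, 0x7FFFFFFF, 0x80000000, 0xFFFFFFFF)


def png_chunk(kind: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(kind + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + kind + body + struct.pack(">I", crc)


def make_png_seed() -> bytes:
    """Constructed seed corpus: one valid 1x1 8-bit RGB PNG (a single red pixel)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00" + b"\xff\x00\x00")    # filter byte + one RGB pixel
    return PNG_SIG + png_chunk(b"IHDR", ihdr) + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b"")


class ParseError(Exception):
    """Graceful rejection: the analogue of an app reporting 'file is damaged'."""


def toy_png_parser(data: bytes) -> dict:
    """Deliberately fragile reader (constructed for this example). Each unhandled
    exception below plays the role of a native crash in a real C decoder."""
    if data[:8] != PNG_SIG:
        raise ParseError("bad signature")
    info, pos = {}, 8
    while pos < len(data):
        length = struct.unpack(">I", data[pos:pos + 4])[0]   # struct.error on a truncated chunk header
        kind = data[pos + 4:pos + 8]
        body = data[pos + 8:pos + 8 + length]
        if kind == b"IHDR":
            w, h = struct.unpack(">II", body[:8])             # struct.error on a short IHDR
            if w * h > MAX_PIXELS:
                raise ParseError("image too large")
            info.update(width=w, height=h, pixels=bytearray(w * h * 3))  # buffer sized from untrusted IHDR
        elif kind == b"IDAT":
            raw = zlib.decompress(body)                         # zlib.error on corrupted stream data
            h, buf = info["height"], info["pixels"]            # KeyError if IDAT precedes IHDR
            stride = len(raw) // h                             # ZeroDivisionError when IHDR says h == 0
            for row in range(h):
                for i, b in enumerate(raw[row * stride + 1:(row + 1) * stride]):
                    buf[row * (stride - 1) + i] = b            # IndexError: more pixels than IHDR promised
        pos += 12 + length
    return info


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One random mutation; every call starts again from the pristine seed."""
    buf = bytearray(seed)
    op = rng.randrange(4)
    if op == 0:                                   # flip a single bit
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 1:                                 # plant a boundary value, big-endian like PNG fields
        v = rng.choice(INTERESTING)
        width = 1 if v <= 0xFF else 4
        i = rng.randrange(len(buf) - width + 1)
        buf[i:i + width] = v.to_bytes(width, "big")
    elif op == 2:                                 # truncate, keeping the signature so parsing starts
        del buf[rng.randrange(8, len(buf)):]
    else:                                         # insert junk, shifting every later field
        i = rng.randrange(len(buf))
        buf[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(buf)


def crash_key(exc: BaseException) -> str:
    """Bucket by exception type and innermost faulting line, the stand-in for
    hashing the top of a native stack trace during crash triage."""
    frame = traceback.extract_tb(exc.__traceback__)[-1]
    return f"{type(exc).__name__}@{frame.name}:{frame.lineno}"


def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 1) -> dict:
    rng = random.Random(rng_seed)
    stats = {"ok": 0, "rejected": 0, "crashes": 0}
    buckets = {}                                  # crash key -> first input that reproduces it
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
            stats["ok"] += 1
        except ParseError:                        # handled validation failure, not a bug
            stats["rejected"] += 1
        except Exception as exc:                  # anything else is a crash worth triaging
            stats["crashes"] += 1
            buckets.setdefault(crash_key(exc), case)
    return {"stats": stats, "buckets": buckets}


if __name__ == "__main__":
    result = fuzz(toy_png_parser, make_png_seed(), iterations=1000)
    print(result["stats"])
    for key, case in sorted(result["buckets"].items()):
        print(f"{key}: reproducer={case.hex()}")
```

Run it and the crash count is in the hundreds while the bucket count stays in single digits; that gap is exactly the "1,000 crashes, 30 bugs" ratio in the article, and each bucket keeps one minimal reproducer so a vendor could be handed a file rather than a claim. Two caveats for real targets: the toy reader ignores chunk CRCs, whereas libpng-based decoders check them, so a fuzzer aimed at a real PNG reader must recompute the CRC after mutating a chunk or nearly every mutant dies in the CRC check before reaching any parsing bug; and a crash bucket only says "distinct fault site", not "exploitable", which is the separate analysis that reduced Miller's crashes to the 30 he counted as hijackable.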
 
Perhaps the more important thing is:

One of Adobe's most widely used software, Reader is considered to be one of the most flawed applications out there and its vulnerabilities are regularly exploited by cyber criminals.
 
Wow 30 exploits, so many, not like some other popular systems that have what ... how many...??

That's beside the point... if there were 30 vulnerable spots in your home by which thieves could get in and rob you blind, you would want to quickly secure those places.
 
That's beside the point... if there were 30 vulnerable spots in your home by which thieves could get in and rob you blind, you would want to quickly secure those places.

Why bother with the Mission-Impossible-style task to gain access to the dispose-all in my kitchen when you can walk right in the front door of the next house and rob the whole place?
 
Even if it’s not all BS, he’s still not behaving like a responsible security researcher, but like an insecure person (no pun intended) who craves attention.

Maybe he should make a list of companies whose code base is so small that it's either bug-free, or that any bug can be found without even knowing what it is. (This list would be zero companies long.)


I'm not sure what your definition of a responsible security researcher is, but if it's turning over everything he finds to Apple or other vendors out of the goodness of his heart, he is doing himself a disservice for man-months of labor. I'm not sure about you, but charity doesn't factor into the equation. He doesn't sell them on the black market but uses his (strong) skillset to point out to the general public an important point about the reality of security in the software most use every day.
 
I'm not sure what your definition of a responsible security researcher is, but if it's turning over everything he finds to Apple or other vendors out of the goodness of his heart, he is doing himself a disservice for man-months of labor. I'm not sure about you, but charity doesn't factor into the equation. He doesn't sell them on the black market but uses his (strong) skillset to point out to the general public an important point about the reality of security in the software most use every day.

And the novelty here is? It's been done before, it'll be done again but the general public will continue on aimlessly -- with unsecured WAPs and systems.
 
Why bother with the Mission-Impossible-style task to gain access to the dispose-all in my kitchen when you can walk right in the front door of the next house and rob the whole place?

You are conveniently ignoring the fact that the other house is much safer by design than your cozy designer home with its 30 freshly discovered EXPLOITS.

And maybe some of you folks here also do not understand the difference between a system vulnerability and an exploit -- an exploit demonstrates how you can actually take advantage of a vulnerability. There is nothing theoretical about an exploit.

What Apple fans just don't want to hear in this context is that those security folks clearly and without room for interpretation said that Mac OS X is the easiest to crack system out there and that it is much less secure than even Windows. There is nothing to discuss about that statement, especially not since they are even able to prove it. It's just that Mac heads don't want to hear it and escape in their typical state of denial: There cannot be what's not supposed to be. And Apple just cannot do wrong.
 
You are conveniently ignoring the fact that the other house is much safer by design than your cozy designer home with its 30 freshly discovered EXPLOITS.

And maybe some of you folks here also do not understand the difference between a system vulnerability and an exploit -- an exploit demonstrates how you can actually take advantage of a vulnerability. There is nothing theoretical about an exploit.

What Apple fans just don't want to hear in this context is that those security folks clearly and without room for interpretation said that Mac OS X is the easiest to crack system out there and that it is much less secure than even Windows. There is nothing to discuss about that statement, especially not since they are even able to prove it. It's just that Mac heads don't want to hear it and escape in their typical state of denial: There cannot be what's not supposed to be. And Apple just cannot do wrong.

Uh, why don't you actually wait to see what these are? How many times does the media use wrong terms or related terms interchangeably?

Edit: you should probably read the actual article as well....

Also, how is Windows (which I assume you meant by "the other house") safer by design than something based on Unix? :confused:
 
I actually am still waiting for some of these wannabe hackers to come and HACK THE HELL OUT OF, let's say, 100+ Macs across the web and prove their Goddamn point. And please - without pre-existing plug-ins for Safari or stuff like that.

Until then, the opinion that Mac OS X is less secure but FAR safer than Windows still stands as solid as a rock.
 
I actually am still waiting for some of these wannabe hackers to come and HACK THE HELL OUT OF, let's say, 100+ Macs across the web and prove their Goddamn point. And please - without pre-existing plug-ins for Safari or stuff like that.

Until then, the opinion that Mac OS X is less secure but FAR safer than Windows still stands as solid as a rock.

There are numerous Mac botnets.
 
And maybe some of you folks here also do not understand the difference between a system vulnerability and an exploit -- an exploit demonstrates how you can actually take advantage of a vulnerability. There is nothing theoretical about an exploit.

You forgot RISK.

RISK is based on the likelihood that an attacker will take advantage of that exploit.

OS X has always had vulnerabilities and exploits.

What OS X HASN'T had is a track record of attackers being able to successfully publicly take advantage of those exploits.

There are numerous Mac botnets.

Numerous? Google seems to think that there's one, and it wasn't the result of exploits of software vulnerabilities, AFAIK.
 
You are conveniently ignoring the fact that the other house is much safer by design than your cozy designer home with its 30 freshly discovered EXPLOITS.

And maybe some of you folks here also do not understand the difference between a system vulnerability and an exploit -- an exploit demonstrates how you can actually take advantage of a vulnerability. There is nothing theoretical about an exploit.

What Apple fans just don't want to hear in this context is that those security folks clearly and without room for interpretation said that Mac OS X is the easiest to crack system out there and that it is much less secure than even Windows. There is nothing to discuss about that statement, especially not since they are even able to prove it. It's just that Mac heads don't want to hear it and escape in their typical state of denial: There cannot be what's not supposed to be. And Apple just cannot do wrong.

Giz Explains: Why OS X Shrugs Off Viruses Better Than Windows
http://i.gizmodo.com/5101337/giz-explains-why-os-x-shrugs-off-viruses-better-than-windows

The Mac Malware Myth
http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth/

The Unavoidable Malware Myth
http://www.roughlydrafted.com/2008/...-apple-wont-inherit-microsofts-malware-crown/

Windows 7 Still failed virus tests
http://www.winandmac.com/news/windows7virustest/

FYI, many hackers, such as Kevin Mitnick, use a Mac. You think about that.


There are numerous Mac botnets.

That's misleading.

It only happens to the el cheapos who pirated iWork (or installed suspicious software). That's installed via a trojan that depends on user stupidity, not OS insecurity.
 
I actually am still waiting for some of these wannabe hackers to come and HACK THE HELL OUT OF, let's say, 100+ Macs across the web and prove their Goddamn point. And please - without pre-existing plug-ins for Safari or stuff like that.

Until then, the opinion that Mac OS X is less secure but FAR safer than Windows still stands as solid as a rock.

Excellent point, buddy. The proof of the eating is in the pudding. There are a lot of "security" experts working for wannabe antiviruses for Mac who'd love to have Macs hacked in large numbers so they can sell their wares, or sociopath hackers. The fact that this hasn't happened is testament that the proverbial pudding is really tasty!
 
I certainly won't minimize the apparent security holes discussed in the Forbes piece. Any way you slice it, they are a concern. Nevertheless, it seems to me that the main reason Windows machines are successfully attacked exponentially more often than Macs is that there are exponentially more of them. Thus, OS X simply isn't nearly as tempting a target for mean-spirited hackers as Windows is. I knew there had to be a reason why we pay Apple those premium prices. :)
 