Once it's crashed, it's crashed, and it is impossible to do any harm. In this particular situation, the bug that is there will _always_ crash the application, so it cannot be exploited. In other cases, if a hacker finds a way to crash an app, he or she can then try to find a way to make the app do things the hacker wants it to do instead of crashing. There may be a way to do this, or there may not.

In plenty of instances the point of the exploit is to crash whatever service you're targeting with the object being that you (or your script/software) gets dropped in a terminal without requiring any authentication. Once this occurs you are free to run commands from the terminal with the same privilege level that the service was previously running with.
 
My smartass brother sent this to me via iMessage, I heard my phone so tried opening Messenger on the Macbook. Crash. Left it at that as I was busy anyway. Later he rang and asked if I'd opened the message. Oh great! I could sense him grinning, and I knew what had happened. The iPhone can show it, so no data detector or whatever is causing it there. I turned on the iMac and checked Messages, and it crashed as soon as I opened it. Thanks a lot brother-of-mine!
Well at least it backfired on him, as his messages also crashes now, as it shows the history on opening, so he's asking ME how to fix it!

I looked through this forum, and tried the suggestion of deleting the message on the iPhone for syncing, and then deleting
~/Library/Messages/Archive/[date]/[log] on the Macbook.

Didn't work.

Checking on my iMac, there was no log for that day; Messages had crashed as it synced before logging it.
I tried the suggestion with Autocorrect, makes no difference.

Since there was no log on the iMac, it had to be somewhere else, so I backed up and opened ~/Library/Messages/chat.db in Textwrangler. There were several occurrences of the string, so I did a search and replace on File: to file:

That did it.

Messages now works again on the iMac. Time to check on the Macbook.

Well, it didn't like me writing to the chat.db, apparently in use. I let it slide for a bit. By the time I got back to it, it was after midnight, and hence the next day, and the offending code wasn't showing in the chat window anyway, so Messages worked again.

The moral: Be wary of smartass brothers.
 
No it's not - I can't recall the last time Windows could be crashed by merely typing a string.

That's cool, since this isn't crashing OS X either. Just the running app.

Considering this error is thrown by an assertion within the DataDetector, some programmer thought that this scenario could possibly occur.

No actually, it's quite the opposite. It's probably a condition no programmer ever thought could happen.

I.e., a protocol (file) that exists, but using a different case. Has anyone tried to replicate this with fIle:/// fiLe:/// or filE:/// ? This is probably related to some part of the framework doing case-insensitive searches passing unmodified strings to a part of the framework doing case-sensitive operations. Results in the "Found the protocol! Try to do stuff... Can't do that on a nonexistent protocol!".

The programmer probably thought: "the protocol is either registered or not, anything else is an exception", with a nice "/* We should never get here */"
 
In plenty of instances the point of the exploit is to crash whatever service you're targeting with the object being that you (or your script/software) gets dropped in a terminal without requiring any authentication. Once this occurs you are free to run commands from the terminal with the same privilege level that the service was previously running with.

Hum... that's not how it works. Crashing an app crashes the app; it doesn't give you a terminal that's running under the user's privileges.

I think you need to read up on what transforming a crash bug into an exploit entails; it's much more complicated than you seem to think.

I suggest this fine article: Smashing The Stack For Fun And Profit
 
No it's not - I can't recall the last time Windows could be crashed by merely typing a string. Considering this error is thrown by an assertion within the DataDetector, some programmer thought that this scenario could possibly occur.

It's not so many years ago when you could visit a website hosted on a Windows server, and type an address ending ::$DATA. Instead of the web page, you'd often get the source script that generates the page instead, sometimes complete with database user names and passwords if the programmer had been exceptionally careless. A hacker's friend indeed.
 
Hum... that's not how it works. Crashing an app crashes the app; it doesn't give you a terminal that's running under the user's privileges.
Regardless, this is a denial of service vulnerability that needs to be fixed.
 
Regardless, this is a denial of service vulnerability that needs to be fixed.

How so? Once the app crashes it can't be re-opened by any remote computer.

That's sort of how a DDOS works. You need to have the website open to work.

Once it's closed the DDOS is no longer useful.
 
That's sort of how a DDOS works. You need to have the website open to work.

Not a DDOS. Denial of service means that the user can't use the application as intended. If someone can send you a message that crashes your Messages app, that's a DOS.
 
In plenty of instances the point of the exploit is to crash whatever service you're targeting with the object being that you (or your script/software) gets dropped in a terminal without requiring any authentication. Once this occurs you are free to run commands from the terminal with the same privilege level that the service was previously running with.

In MacOS X, you don't get dropped into any terminal. Please tell me where that kind of exploit would work in this century, and I'll tell me what kind of OS to avoid.

----------

No it's not - I can't recall the last time Windows could be crashed by merely typing a string. Considering this error is thrown by an assertion within the DataDetector, some programmer thought that this scenario could possibly occur.

You never heard of it on Windows. You never heard of it on a Mac before last week. And if you look at the crash dump, a programmer thought that his code _might_ be given a url that isn't a file url (always good to be careful), and got the test badly wrong. Bugs happen.

----------

My smartass brother sent this to me via iMessage, I heard my phone so tried opening Messenger on the Macbook. Crash. Left it at that as I was busy anyway. Later he rang and asked if I'd opened the message. Oh great! I could sense him grinning, and I knew what had happened. The iPhone can show it, so no data detector or whatever is causing it there. I turned on the iMac and checked Messages, and it crashed as soon as I opened it. Thanks a lot brother-of-mine!

You should introduce your brother to the concept of corporal punishment. Or accidentally drop his phone into a bucket of water. Or something like that. And according to one US prosecutor, what he did is a federal crime punishable with up to five years in jail.
 
Regardless, this is a denial of service vulnerability that needs to be fixed.

I actually stated that earlier. Yes, this is a bug that can be successfully exploited to cause a DoS.

----------

How so? Once the app crashes it can't be re-opened by any remote computer.

That's sort of how a DDOS works. You need to have the website open to work.

Once it's closed the DDOS is no longer useful.

DDOS = Distributed Denial of Service
DOS = Denial of Service.

The more you know.

This is a DoS bug. The user can be denied the service received by his application. Websites? That has nothing to do with DoS.
 
I actually stated that earlier. Yes, this is a bug that can be successfully exploited to cause a DoS.

I've even done it myself a couple times by accident replying to threads. I hope this gets fixed soon.
 
I actually stated that earlier. Yes, this is a bug that can be successfully exploited to cause a DoS.

----------



DDOS = Distributed Denial of Service
DOS = Denial of Service.

The more you know.

This is a DoS bug. The user can be denied the service received by his application. Websites? That has nothing to do with DoS.

http://en.wikipedia.org/wiki/Denial_of_service

"In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.[1]
One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
Denial-of-service attacks are considered violations of the IAB's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations."


--------

This bug is not a DOS.
 
This bug is not a DOS.

Yes, even your wikipedia entry is clear:

to make a machine or network resource unavailable to its intended users.

If I send you an iMessage with File:/// as the contents, your iMessage application will crash. It's thus unavailable to you.

This is a bug that can result in a DoS exploit if you want to be a nitpicker. Any crash bug is, since the exploit is simply triggering the crash condition, repeatedly if necessary.
 
It's not so many years ago when you could visit a website hosted on a Windows server, and type an address ending ::$DATA. Instead of the web page, you'd often get the source script that generates the page instead, sometimes complete with database user names and passwords if the programmer had been exceptionally careless. A hacker's friend indeed.

That was almost a decade ago ... And even by then, the majority of developers had already switched over to ASP.NET, only the most old-school, outdated, or under qualified programmers used classic ASP for their development.

In any case, I'm surprised Apple hasn't been more proactive in launching a hot fix to patch the issue.

----------

You never heard of it on Windows. You never heard of it on a Mac before last week. And if you look at the crash dump, a programmer thought that his code _might_ be given a url that isn't a file url (always good to be careful), and got the test badly wrong. Bugs happen.

Yes, my point exactly, so I'm surprised it was not part of an automated test case (since it was a "known" test condition?)
 
Yes, even your wikipedia entry is clear:



If I send you an iMessage with File:/// as the contents, your iMessage application will crash. It's thus unavailable to you.

This is a bug that can result in a DoS exploit if you want to be a nitpicker. Any crash bug is, since the exploit is simply triggering the crash condition, repeatedly if necessary.

The conventional meaning of DOS is that a resource hosted in some central location is made inaccessible for its normal users. If you consider everything that stops something from working to be a DOS any kind of sabotage would be a DOS. If I cut your electricity supply, or if I torch your house, it would be a DOS attack with your definition.

If I break the leg of your maid, I also deny you access to a service. Is this also a DOS attack?
 
It's probably a condition no programmer ever thought could happen.

I.e., a protocol (file) that exists, but using a different case. Has anyone tried to replicate this with fIle:/// fiLe:/// or filE:/// ? This is probably related to some part of the framework doing case-insensitive searches passing unmodified strings to a part of the framework doing case-sensitive operations. Results in the "Found the protocol! Try to do stuff... Can't do that on a nonexistent protocol!".

The programmer probably thought: "the protocol is either registered or not, anything else is an exception", with a nice "/* We should never get here */"

That was a very good insight! Those crashed my safari (somehow the quote function has not). I would guess you have guessed the bug (or did I miss the story that explains the problem).
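The case-mismatch hypothesis quoted above (and first raised earlier in the thread) can be illustrated with a toy scheme registry: case-insensitive detection followed by case-sensitive dispatch reaches the "should never get here" assertion for any mixed-case scheme, while normalising the scheme once never does. This is an added example written for this page, not Apple's DataDetectors code; the registry, handler names and the fixed variant are constructed.

```python
import re

# Constructed registry keyed by canonical (lowercase) scheme names.
HANDLERS = {
    "file": lambda rest: ("file", rest),
    "http": lambda rest: ("http", rest),
}

# RFC 3986 scheme syntax: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
URL_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):(.*)$")


def dispatch_buggy(text):
    """Detect case-insensitively, then dispatch with the unmodified scheme."""
    m = URL_RE.match(text)
    if m is None:
        return None                      # plain text, nothing to do
    scheme, rest = m.group(1), m.group(2)
    if scheme.lower() not in HANDLERS:   # detection: "Found the protocol!"
        return None
    handler = HANDLERS.get(scheme)       # dispatch: exact-case lookup
    if handler is None:
        # "/* We should never get here */" ... except "File" gets here.
        raise AssertionError("registered scheme has no handler: %r" % scheme)
    return handler(rest)


def dispatch_fixed(text):
    """Normalise the scheme once; schemes are case-insensitive (RFC 3986 3.1)."""
    m = URL_RE.match(text)
    if m is None:
        return None
    scheme, rest = m.group(1).lower(), m.group(2)
    handler = HANDLERS.get(scheme)
    if handler is None:
        return None                      # unknown scheme: treat as plain text
    return handler(rest)


def crashes(text):
    """True when the buggy path hits its 'impossible' assertion for this input."""
    try:
        dispatch_buggy(text)
    except AssertionError:
        return True
    return False
```

Running `crashes()` over "File:///", "fIle:///" and "filE:///" reproduces the pattern the poster asked about, while `dispatch_fixed()` handles all of them identically to "file:///".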
 
ok ok......I keep typing this in mail, which is annoying when I've just written a long message.. One solution is to surround it by ' '

FYI.. you know if you do this in Firefox, you see your own directory in your web browser ftp style :)

Tip :- You can disable this by going to System Preferences >> Language and Text , disabling both "Use symbol and text substitution" and "Correct spelling automatically" in the Text tab will prevent the bug from occurring (at a cost from not being able to spell correctly ....)

Doesn't work in all cases.
 
Whatever you do, do NOT do this as a Logon Message ;p. I just tried this to 'see', and it constantly cycled the logon screen. :(. Yep. It worked, but now I'm locked out.


I have to restore.

Good idea though for revenge, or a present to someone on a new mac :)
 
Whatever you do, do NOT do this as a Logon Message ;p. I just tried this to 'see', and it constantly cycled the logon screen. :(. Yep. It worked, but now I'm locked out.

Great idea... let's try it at the Apple Store, perhaps that will get more attention for the bug and promote better code quality in OSX.
 