• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Researcher Finds 20 Preview, Safari Security Holes


    Internet security researcher Charlie MIller will release the results of research he's done to uncover 30 security holes in Mac OS X to the CanSecWest security conference in Vancouver later this month. According to a report by Forbes, the guy who won a MacBook Air at Pwn2Own the past two straight years is not sure whether he will tell Apple what the flaws are: he says he might hold on to them for this year's challenge.

    Miller worked for five years at the US National Security Agency as a "global network explaoitation analyst," finding weaknesses and vulnerabilities in computer networks for the US government spies, reportedly carrying out multiple hacks against foreign targets. As a private citizen, he started Independent Security Evaluators, a consulting firm, showing service providers how to harden their Web code against attack. Miller has been very public in his focus on the vulnerabilities of Apple software, being the first to discover a security hole in Mobile Safari in 2007. At Pwn2Own in 2008, it took him just two minutes to defeat a MacBook Air's security, and used a Safari exploit to crack a MacBook in less than 10 seconds in 2009. Last year, he also used an SMS vulnerability to pwn an iPhone.

    A report by Andy Greenberg the Forbes Firewall blog notes that of the 30 previously unknown security holes Miller found in Mac OS X, 20 of them are in the Preview application. By tricking a user into opening a PDF that contains Miller's exploit, a hacker could gain control of their Mac. Moreover, since Safari uses Preview's rendering engine to display PDFs in the browser, the code could be hidden on any web page.

    Miller told Forbes that he used "dumb fuzzing" to find the holes: a Python script just five lines long changed one bit on a PDF file at a time and let the application run it, checking to see if it crashed. He used this brute force method for three weeks straight on each of four applications and says he found a thousand different ways to crash them. He then investigated the crashes to see if any of them allowed him to gain control of the system. There were 20 exploitable bugs in Preview compared with either 3 or 4 each in Reader, PowerPoint, and OpenOffice.

    Miller said that he was surprised he found so many bugs, and took it as a clear indication that Apple being lax in doing its own security testing, “It’s shocking that Apple didn’t do this first," the researcher told Forbes. "The only skill I’ve used here is patience.” He indicated that he hasn't informed Apple of his discoveries and may try to use them against Mobile Safari on the iPhone for this year's Pwn2Own competition. If that works, he says, he'll see if they work on the iPad as well.

    "Microsoft, Apple, and Adobe all have huge security teams, and I'm one guy working out of my house," Miller says. "I shouldn't be able to find bugs like these, ever."
    This article was originally published in forum thread: Researcher Finds 20 Preview, Safari Security Holes started by Paul Daniel Ash View original post
    Comments 17 Comments
    1. rickybobby's Avatar
      rickybobby -
      wow this is some serious stuff huh well what are they gonna do about it
    1. frozenra1n's Avatar
      frozenra1n -
      I vote charlie miller should jump on the jailbreak train.
    1. lolcats1's Avatar
      lolcats1 -
      it's no secret that their are holes in the OS. the thing is that viruses are written for pc's because there are more of them.

      it's not because macs are just so godly that they're immune
    1. Jgamble317's Avatar
      Jgamble317 -
      Quote Originally Posted by frozenra1n View Post
      I vote charlie miller should jump on the jailbreak train.
      Agreed, imagine what would be accomplished
    1. lolcats1's Avatar
      lolcats1 -
      Quote Originally Posted by Jgamble317 View Post
      Agreed, imagine what would be accomplished
      nothing. he just found ways to make viruses for macs. not modifying the OS
    1. hxclos's Avatar
      hxclos -
      I want that man's knowledge. I feel dumb haha
    1. rickybobby's Avatar
      rickybobby -
      i wonder whats the percentile of people who have macs verses pc
    1. Tizocman's Avatar
      Tizocman -
      Quote Originally Posted by rickybobby View Post
      i wonder whats the percentile of people who have macs verses pc
      in December of 09 the mac market share was about 5.11%. and Windows was about 92.21
      thats about 1 mac to every 18 windows
    1. rhekt's Avatar
      rhekt -
      macs are as vulnerable as you let them
    1. haywetness's Avatar
      haywetness -
      hii
    1. steve-z17's Avatar
      steve-z17 -
      I for one am glad that more people prefer Windows over Mac. More viruses written for Windows is totally fine with me! This guy is really smart, wish I knew how to do some of that stuff.
    1. PhrequenC's Avatar
      PhrequenC -
      he just really knows his stuff. he probably knows every code known to mankind. and he's a professional on top of it. practice + patience is all it takes!

      i too am glad many poeple own windoze over mac, it makes me feel special because when poeple come to my house, they dont want to use my computer becuase "they dont know how"
    1. yomamashump's Avatar
      yomamashump -
      Quote Originally Posted by PhrequenC View Post
      i too am glad many poeple own windoze over mac, it makes me feel special because when poeple come to my house, they dont want to use my computer becuase "they dont know how"
      It doesn't take much for you to feel special does it?
    1. hackint0uch's Avatar
      hackint0uch -
      Quote Originally Posted by PhrequenC View Post
      he just really knows his stuff. he probably knows every code known to mankind. and he's a professional on top of it. practice + patience is all it takes!

      i too am glad many poeple own windoze over mac, it makes me feel special because when poeple come to my house, they dont want to use my computer becuase "they dont know how"
      I agree, It's quite funny. Because I always say macs are great they pick up on small flays and then say macs are bad. Very funny. Like "Look your CPU has gone full, macs are bad", I'm sure thats never happened to them (sarcastically). And "My netbook is better than your MacBook" I'm sure it's a lot faster with it's 1.6GHz CPU and a tiny screen and two or three apps open at a time. Also the "It's much easier in Windows" comments are sooo funny.
    1. zixara's Avatar
      zixara -
      Quote Originally Posted by pauldanielash View Post


      Internet security researcher Charlie MIller will release the results of research he's done to uncover 30 security holes in Mac OS X to the CanSecWest security conference in Vancouver later this month. According to a report by Forbes, the guy who won a MacBook Air at Pwn2Own the past two straight years is not sure whether he will tell Apple what the flaws are: he says he might hold on to them for this year's challenge.

      Miller worked for five years at the US National Security Agency as a "global network explaoitation analyst," finding weaknesses and vulnerabilities in computer networks for the US government spies, reportedly carrying out multiple hacks against foreign targets. As a private citizen, he started Independent Security Evaluators, a consulting firm, showing service providers how to harden their Web code against attack. Miller has been very public in his focus on the vulnerabilities of Apple software, being the first to discover a security hole in Mobile Safari in 2007. At Pwn2Own in 2008, it took him just two minutes to defeat a MacBook Air's security, and used a Safari exploit to crack a MacBook in less than 10 seconds in 2009. Last year, he also used an SMS vulnerability to pwn an iPhone.

      A report by Andy Greenberg the Forbes Firewall blog notes that of the 30 previously unknown security holes Miller found in Mac OS X, 20 of them are in the Preview application. By tricking a user into opening a PDF that contains Miller's exploit, a hacker could gain control of their Mac. Moreover, since Safari uses Preview's rendering engine to display PDFs in the browser, the code could be hidden on any web page.

      Miller told Forbes that he used "dumb fuzzing" to find the holes: a Python script just five lines long changed one bit on a PDF file at a time and let the application run it, checking to see if it crashed. He used this brute force method for three weeks straight on each of four applications and says he found a thousand different ways to crash them. He then investigated the crashes to see if any of them allowed him to gain control of the system. There were 20 exploitable bugs in Preview compared with either 3 or 4 each in Reader, PowerPoint, and OpenOffice.

      Miller said that he was surprised he found so many bugs, and took it as a clear indication that Apple being lax in doing its own security testing, ďItís shocking that Apple didnít do this first," the researcher told Forbes. "The only skill Iíve used here is patience.Ē He indicated that he hasn't informed Apple of his discoveries and may try to use them against Mobile Safari on the iPhone for this year's Pwn2Own competition. If that works, he says, he'll see if they work on the iPad as well.

      "Microsoft, Apple, and Adobe all have huge security teams, and I'm one guy working out of my house," Miller says. "I shouldn't be able to find bugs like these, ever."

      Like, great article!
    1. CaptainChaos's Avatar
      CaptainChaos -
      So he can crash apps. Nice. If this wins the contest for him that will be sad.
    1. PacoBell's Avatar
      PacoBell -
      Quote Originally Posted by CaptainChaos View Post
      So he can crash apps
      ...and "gain control of the system." Seriously, learn to read! Ever heard of privilege escalation? I thought not.