Results 1 to 18 of 18

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Researcher Finds 20 Preview, Safari Security Holes

  1. #1
    MMi Staff Writer Paul Daniel Ash's Avatar
    Join Date
    Aug 2009
    Location
    Union Square, Somerville, Mass.
    Posts
    919
    Thanks
    6
    Thanked 995 Times in 401 Posts

    Default Researcher Finds 20 Preview, Safari Security Holes


    Internet security researcher Charlie MIller will release the results of research he's done to uncover 30 security holes in Mac OS X to the CanSecWest security conference in Vancouver later this month. According to a report by Forbes, the guy who won a MacBook Air at Pwn2Own the past two straight years is not sure whether he will tell Apple what the flaws are: he says he might hold on to them for this year's challenge.

    Miller worked for five years at the US National Security Agency as a "global network explaoitation analyst," finding weaknesses and vulnerabilities in computer networks for the US government spies, reportedly carrying out multiple hacks against foreign targets. As a private citizen, he started Independent Security Evaluators, a consulting firm, showing service providers how to harden their Web code against attack. Miller has been very public in his focus on the vulnerabilities of Apple software, being the first to discover a security hole in Mobile Safari in 2007. At Pwn2Own in 2008, it took him just two minutes to defeat a MacBook Air's security, and used a Safari exploit to crack a MacBook in less than 10 seconds in 2009. Last year, he also used an SMS vulnerability to pwn an iPhone.

    A report by Andy Greenberg the Forbes Firewall blog notes that of the 30 previously unknown security holes Miller found in Mac OS X, 20 of them are in the Preview application. By tricking a user into opening a PDF that contains Miller's exploit, a hacker could gain control of their Mac. Moreover, since Safari uses Preview's rendering engine to display PDFs in the browser, the code could be hidden on any web page.

    Miller told Forbes that he used "dumb fuzzing" to find the holes: a Python script just five lines long changed one bit on a PDF file at a time and let the application run it, checking to see if it crashed. He used this brute force method for three weeks straight on each of four applications and says he found a thousand different ways to crash them. He then investigated the crashes to see if any of them allowed him to gain control of the system. There were 20 exploitable bugs in Preview compared with either 3 or 4 each in Reader, PowerPoint, and OpenOffice.

    Miller said that he was surprised he found so many bugs, and took it as a clear indication that Apple being lax in doing its own security testing, “It’s shocking that Apple didn’t do this first," the researcher told Forbes. "The only skill I’ve used here is patience.” He indicated that he hasn't informed Apple of his discoveries and may try to use them against Mobile Safari on the iPhone for this year's Pwn2Own competition. If that works, he says, he'll see if they work on the iPad as well.

    "Microsoft, Apple, and Adobe all have huge security teams, and I'm one guy working out of my house," Miller says. "I shouldn't be able to find bugs like these, ever."
    Last edited by Paul Daniel Ash; 03-21-2010 at 08:05 PM. Reason: wiki preview :(

  2. #2
    wow this is some serious stuff huh well what are they gonna do about it
    IF I HELPED PLEASE HIT THANKS

  3. #3
    I vote charlie miller should jump on the jailbreak train.

  4. #4
    it's no secret that their are holes in the OS. the thing is that viruses are written for pc's because there are more of them.

    it's not because macs are just so godly that they're immune

  5. The Following 3 Users Say Thank You to lolcats1 For This Useful Post:

    GTOpilot (03-22-2010), MetallicaFan1991 (03-22-2010), SquareWheel (03-21-2010)

  6. #5
    Quote Originally Posted by frozenra1n View Post
    I vote charlie miller should jump on the jailbreak train.
    Agreed, imagine what would be accomplished

  7. #6
    Quote Originally Posted by Jgamble317 View Post
    Agreed, imagine what would be accomplished
    nothing. he just found ways to make viruses for macs. not modifying the OS

  8. #7
    I want that man's knowledge. I feel dumb haha

  9. #8
    i wonder whats the percentile of people who have macs verses pc
    IF I HELPED PLEASE HIT THANKS

  10. #9
    Green Apple
    Join Date
    Jul 2007
    Location
    Clackamas, Oregon, United States
    Posts
    80
    Thanks
    142
    Thanked 13 Times in 9 Posts

    Quote Originally Posted by rickybobby View Post
    i wonder whats the percentile of people who have macs verses pc
    in December of 09 the mac market share was about 5.11%. and Windows was about 92.21
    thats about 1 mac to every 18 windows

  11. #10
    macs are as vulnerable as you let them
    killall Terminal[]

  12. #11

  13. #12
    Livin the iPhone Life steve-z17's Avatar
    Join Date
    Sep 2007
    Location
    Utah
    Posts
    2,266
    Thanks
    91
    Thanked 146 Times in 124 Posts

    I for one am glad that more people prefer Windows over Mac. More viruses written for Windows is totally fine with me! This guy is really smart, wish I knew how to do some of that stuff.

  14. #13
    Green Apple
    Join Date
    Nov 2007
    Posts
    39
    Thanks
    0
    Thanked 2 Times in 1 Post
    he just really knows his stuff. he probably knows every code known to mankind. and he's a professional on top of it. practice + patience is all it takes!

    i too am glad many poeple own windoze over mac, it makes me feel special because when poeple come to my house, they dont want to use my computer becuase "they dont know how"

  15. #14
    Quote Originally Posted by PhrequenC View Post
    i too am glad many poeple own windoze over mac, it makes me feel special because when poeple come to my house, they dont want to use my computer becuase "they dont know how"
    It doesn't take much for you to feel special does it?

  16. #15
    Quote Originally Posted by PhrequenC View Post
    he just really knows his stuff. he probably knows every code known to mankind. and he's a professional on top of it. practice + patience is all it takes!

    i too am glad many poeple own windoze over mac, it makes me feel special because when poeple come to my house, they dont want to use my computer becuase "they dont know how"
    I agree, It's quite funny. Because I always say macs are great they pick up on small flays and then say macs are bad. Very funny. Like "Look your CPU has gone full, macs are bad", I'm sure thats never happened to them (sarcastically). And "My netbook is better than your MacBook" I'm sure it's a lot faster with it's 1.6GHz CPU and a tiny screen and two or three apps open at a time. Also the "It's much easier in Windows" comments are sooo funny.

  17. #16
    Quote Originally Posted by pauldanielash View Post


    Internet security researcher Charlie MIller will release the results of research he's done to uncover 30 security holes in Mac OS X to the CanSecWest security conference in Vancouver later this month. According to a report by Forbes, the guy who won a MacBook Air at Pwn2Own the past two straight years is not sure whether he will tell Apple what the flaws are: he says he might hold on to them for this year's challenge.

    Miller worked for five years at the US National Security Agency as a "global network explaoitation analyst," finding weaknesses and vulnerabilities in computer networks for the US government spies, reportedly carrying out multiple hacks against foreign targets. As a private citizen, he started Independent Security Evaluators, a consulting firm, showing service providers how to harden their Web code against attack. Miller has been very public in his focus on the vulnerabilities of Apple software, being the first to discover a security hole in Mobile Safari in 2007. At Pwn2Own in 2008, it took him just two minutes to defeat a MacBook Air's security, and used a Safari exploit to crack a MacBook in less than 10 seconds in 2009. Last year, he also used an SMS vulnerability to pwn an iPhone.

    A report by Andy Greenberg the Forbes Firewall blog notes that of the 30 previously unknown security holes Miller found in Mac OS X, 20 of them are in the Preview application. By tricking a user into opening a PDF that contains Miller's exploit, a hacker could gain control of their Mac. Moreover, since Safari uses Preview's rendering engine to display PDFs in the browser, the code could be hidden on any web page.

    Miller told Forbes that he used "dumb fuzzing" to find the holes: a Python script just five lines long changed one bit on a PDF file at a time and let the application run it, checking to see if it crashed. He used this brute force method for three weeks straight on each of four applications and says he found a thousand different ways to crash them. He then investigated the crashes to see if any of them allowed him to gain control of the system. There were 20 exploitable bugs in Preview compared with either 3 or 4 each in Reader, PowerPoint, and OpenOffice.

    Miller said that he was surprised he found so many bugs, and took it as a clear indication that Apple being lax in doing its own security testing, ďItís shocking that Apple didnít do this first," the researcher told Forbes. "The only skill Iíve used here is patience.Ē He indicated that he hasn't informed Apple of his discoveries and may try to use them against Mobile Safari on the iPhone for this year's Pwn2Own competition. If that works, he says, he'll see if they work on the iPad as well.

    "Microsoft, Apple, and Adobe all have huge security teams, and I'm one guy working out of my house," Miller says. "I shouldn't be able to find bugs like these, ever."

    Like, great article!
    Never talk to a wise owl.

  18. #17
    Livin the iPhone Life CaptainChaos's Avatar
    Join Date
    Sep 2008
    Location
    In a van down by the river
    Posts
    4,826
    Thanks
    553
    Thanked 515 Times in 427 Posts

    So he can crash apps. Nice. If this wins the contest for him that will be sad.

  19. #18
    Quote Originally Posted by CaptainChaos View Post
    So he can crash apps
    ...and "gain control of the system." Seriously, learn to read! Ever heard of privilege escalation? I thought not.

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •