+ Reply
Results 1 to 18 of 18

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Researcher Finds 20 Preview, Safari Security Holes

is a discussion within the

Mac News

forums, a part of the

General Apple/Mac

section;
Internet security researcher Charlie MIller will release the results of research he's done to uncover 30 security holes in Mac OS X to the CanSecWest security conference in Vancouver later
...
  1. #1
    MMi Staff Writer Paul Daniel Ash's Avatar
    Join Date
    Aug 2009
    Location
    Union Square, Somerville, Mass.
    Posts
    919
    Thanks
    6
    Thanked 995 Times in 401 Posts

    Default Researcher Finds 20 Preview, Safari Security Holes


    Internet security researcher Charlie MIller will release the results of research he's done to uncover 30 security holes in Mac OS X to the CanSecWest security conference in Vancouver later this month. According to a report by Forbes, the guy who won a MacBook Air at Pwn2Own the past two straight years is not sure whether he will tell Apple what the flaws are: he says he might hold on to them for this year's challenge.

    Miller worked for five years at the US National Security Agency as a "global network explaoitation analyst," finding weaknesses and vulnerabilities in computer networks for the US government spies, reportedly carrying out multiple hacks against foreign targets. As a private citizen, he started Independent Security Evaluators, a consulting firm, showing service providers how to harden their Web code against attack. Miller has been very public in his focus on the vulnerabilities of Apple software, being the first to discover a security hole in Mobile Safari in 2007. At Pwn2Own in 2008, it took him just two minutes to defeat a MacBook Air's security, and used a Safari exploit to crack a MacBook in less than 10 seconds in 2009. Last year, he also used an SMS vulnerability to pwn an iPhone.

    A report by Andy Greenberg the Forbes Firewall blog notes that of the 30 previously unknown security holes Miller found in Mac OS X, 20 of them are in the Preview application. By tricking a user into opening a PDF that contains Miller's exploit, a hacker could gain control of their Mac. Moreover, since Safari uses Preview's rendering engine to display PDFs in the browser, the code could be hidden on any web page.

    Miller told Forbes that he used "dumb fuzzing" to find the holes: a Python script just five lines long changed one bit on a PDF file at a time and let the application run it, checking to see if it crashed. He used this brute force method for three weeks straight on each of four applications and says he found a thousand different ways to crash them. He then investigated the crashes to see if any of them allowed him to gain control of the system. There were 20 exploitable bugs in Preview compared with either 3 or 4 each in Reader, PowerPoint, and OpenOffice.

    Miller said that he was surprised he found so many bugs, and took it as a clear indication that Apple being lax in doing its own security testing, “It’s shocking that Apple didn’t do this first," the researcher told Forbes. "The only skill I’ve used here is patience.” He indicated that he hasn't informed Apple of his discoveries and may try to use them against Mobile Safari on the iPhone for this year's Pwn2Own competition. If that works, he says, he'll see if they work on the iPad as well.

    "Microsoft, Apple, and Adobe all have huge security teams, and I'm one guy working out of my house," Miller says. "I shouldn't be able to find bugs like these, ever."
    Last edited by Paul Daniel Ash; 03-21-2010 at 07:05 PM. Reason: wiki preview :(

  2. #2
    Green Apple rickybobby's Avatar
    Join Date
    Apr 2009
    Location
    THE GLOVE
    Posts
    419
    Thanks
    40
    Thanked 84 Times in 48 Posts

    wow this is some serious stuff huh well what are they gonna do about it
    IF I HELPED PLEASE HIT THANKS

  3. #3
    Green Apple frozenra1n's Avatar
    Join Date
    Oct 2009
    Posts
    45
    Thanks
    3
    Thanked 1 Time in 1 Post
    I vote charlie miller should jump on the jailbreak train.

  4. #4
    Livin the iPhone Life lolcats1's Avatar
    Join Date
    Dec 2009
    Posts
    1,069
    Thanks
    13
    Thanked 87 Times in 60 Posts

    it's no secret that their are holes in the OS. the thing is that viruses are written for pc's because there are more of them.

    it's not because macs are just so godly that they're immune

  5. The Following 3 Users Say Thank You to lolcats1 For This Useful Post:

    GTOpilot (03-22-2010), MetallicaFan1991 (03-22-2010), SquareWheel (03-21-2010)

  6. #5
    Green Apple
    Join Date
    Jan 2008
    Posts
    76
    Thanks
    6
    Thanked 3 Times in 2 Posts

    Quote Originally Posted by frozenra1n View Post
    I vote charlie miller should jump on the jailbreak train.
    Agreed, imagine what would be accomplished

  7. #6
    Livin the iPhone Life lolcats1's Avatar
    Join Date
    Dec 2009
    Posts
    1,069
    Thanks
    13
    Thanked 87 Times in 60 Posts

    Quote Originally Posted by Jgamble317 View Post
    Agreed, imagine what would be accomplished
    nothing. he just found ways to make viruses for macs. not modifying the OS

  8. #7
    Green Apple
    Join Date
    Aug 2009
    Posts
    33
    Thanks
    1
    Thanked 6 Times in 4 Posts

    I want that man's knowledge. I feel dumb haha

  9. #8
    Green Apple rickybobby's Avatar
    Join Date
    Apr 2009
    Location
    THE GLOVE
    Posts
    419
    Thanks
    40
    Thanked 84 Times in 48 Posts

    i wonder whats the percentile of people who have macs verses pc
    IF I HELPED PLEASE HIT THANKS

  10. #9
    Green Apple
    Join Date
    Jul 2007
    Location
    Clackamas, Oregon, United States
    Posts
    79
    Thanks
    142
    Thanked 12 Times in 8 Posts

    Quote Originally Posted by rickybobby View Post
    i wonder whats the percentile of people who have macs verses pc
    in December of 09 the mac market share was about 5.11%. and Windows was about 92.21
    thats about 1 mac to every 18 windows

  11. #10
    Livin the iPhone Life rhekt's Avatar
    Join Date
    Jun 2009
    Posts
    1,294
    Thanks
    43
    Thanked 65 Times in 53 Posts

    macs are as vulnerable as you let them
    killall Terminal[]

  12. #11
    What's Jailbreak?
    Join Date
    Mar 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    hii

  13. #12
    Livin the iPhone Life steve-z17's Avatar
    Join Date
    Sep 2007
    Location
    Utah
    Posts
    2,227
    Thanks
    91
    Thanked 141 Times in 121 Posts

    I for one am glad that more people prefer Windows over Mac. More viruses written for Windows is totally fine with me! This guy is really smart, wish I knew how to do some of that stuff.

  14. #13
    Green Apple
    Join Date
    Nov 2007
    Posts
    39
    Thanks
    0
    Thanked 2 Times in 1 Post
    he just really knows his stuff. he probably knows every code known to mankind. and he's a professional on top of it. practice + patience is all it takes!

    i too am glad many poeple own windoze over mac, it makes me feel special because when poeple come to my house, they dont want to use my computer becuase "they dont know how"

  15. #14
    Green Apple yomamashump's Avatar
    Join Date
    Mar 2009
    Posts
    52
    Thanks
    5
    Thanked 12 Times in 4 Posts

    Quote Originally Posted by PhrequenC View Post
    i too am glad many poeple own windoze over mac, it makes me feel special because when poeple come to my house, they dont want to use my computer becuase "they dont know how"
    It doesn't take much for you to feel special does it?

  16. #15
    Green Apple
    Join Date
    Aug 2009
    Posts
    66
    Thanks
    4
    Thanked 1 Time in 1 Post
    Quote Originally Posted by PhrequenC View Post
    he just really knows his stuff. he probably knows every code known to mankind. and he's a professional on top of it. practice + patience is all it takes!

    i too am glad many poeple own windoze over mac, it makes me feel special because when poeple come to my house, they dont want to use my computer becuase "they dont know how"
    I agree, It's quite funny. Because I always say macs are great they pick up on small flays and then say macs are bad. Very funny. Like "Look your CPU has gone full, macs are bad", I'm sure thats never happened to them (sarcastically). And "My netbook is better than your MacBook" I'm sure it's a lot faster with it's 1.6GHz CPU and a tiny screen and two or three apps open at a time. Also the "It's much easier in Windows" comments are sooo funny.

  17. #16
    What's Jailbreak? zixara's Avatar
    Join Date
    Jul 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by pauldanielash View Post


    Internet security researcher Charlie MIller will release the results of research he's done to uncover 30 security holes in Mac OS X to the CanSecWest security conference in Vancouver later this month. According to a report by Forbes, the guy who won a MacBook Air at Pwn2Own the past two straight years is not sure whether he will tell Apple what the flaws are: he says he might hold on to them for this year's challenge.

    Miller worked for five years at the US National Security Agency as a "global network explaoitation analyst," finding weaknesses and vulnerabilities in computer networks for the US government spies, reportedly carrying out multiple hacks against foreign targets. As a private citizen, he started Independent Security Evaluators, a consulting firm, showing service providers how to harden their Web code against attack. Miller has been very public in his focus on the vulnerabilities of Apple software, being the first to discover a security hole in Mobile Safari in 2007. At Pwn2Own in 2008, it took him just two minutes to defeat a MacBook Air's security, and used a Safari exploit to crack a MacBook in less than 10 seconds in 2009. Last year, he also used an SMS vulnerability to pwn an iPhone.

    A report by Andy Greenberg the Forbes Firewall blog notes that of the 30 previously unknown security holes Miller found in Mac OS X, 20 of them are in the Preview application. By tricking a user into opening a PDF that contains Miller's exploit, a hacker could gain control of their Mac. Moreover, since Safari uses Preview's rendering engine to display PDFs in the browser, the code could be hidden on any web page.

    Miller told Forbes that he used "dumb fuzzing" to find the holes: a Python script just five lines long changed one bit on a PDF file at a time and let the application run it, checking to see if it crashed. He used this brute force method for three weeks straight on each of four applications and says he found a thousand different ways to crash them. He then investigated the crashes to see if any of them allowed him to gain control of the system. There were 20 exploitable bugs in Preview compared with either 3 or 4 each in Reader, PowerPoint, and OpenOffice.

    Miller said that he was surprised he found so many bugs, and took it as a clear indication that Apple being lax in doing its own security testing, ďItís shocking that Apple didnít do this first," the researcher told Forbes. "The only skill Iíve used here is patience.Ē He indicated that he hasn't informed Apple of his discoveries and may try to use them against Mobile Safari on the iPhone for this year's Pwn2Own competition. If that works, he says, he'll see if they work on the iPad as well.

    "Microsoft, Apple, and Adobe all have huge security teams, and I'm one guy working out of my house," Miller says. "I shouldn't be able to find bugs like these, ever."

    Like, great article!
    Never talk to a wise owl.

  18. #17
    Livin the iPhone Life CaptainChaos's Avatar
    Join Date
    Sep 2008
    Location
    In a van down by the river
    Posts
    4,823
    Thanks
    551
    Thanked 515 Times in 427 Posts

    So he can crash apps. Nice. If this wins the contest for him that will be sad.

  19. #18
    What's Jailbreak?
    Join Date
    Jul 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by CaptainChaos View Post
    So he can crash apps
    ...and "gain control of the system." Seriously, learn to read! Ever heard of privilege escalation? I thought not.

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts