04-15-2010, 02:11 PM #1
Apple Patches Pwn2Own Security Hole in Record Time
Just three weeks after a well-known researcher defeated the security on a MacBook Pro running Snow Leopard, Apple has released a patch for the vulnerability that allowed the exploit. Security Update 2010-003, released today, fixes a security hole in Mac OS X Server 10.5, Mac OS X 10.5, Mac OS X 10.6 and Mac OS X Server 10.6 that would allow someone to run any code they want on the computer just by getting a user to load a file that has a 'maliciously crafted font.'
In the support document accompanying the release, Apple gave proper credit for the discovery of the bug to security analyst Charlie Miller, who pulled a "three-peat" at the Pwn2Own competition this year after winning in 2008 and 2009. Last year, it took Miller all of ten seconds to defeat a MacBook Air's security: he walked away with the laptop and $10,000 US for his efforts. Apple finally rolled out a fix to the bug 55 days later; this year's vulnerability was patched in 21 days. Competition rules require the contestants to keep their exploits secret until they are patched; the information becomes the property of the sponsor, TippingPoint, which shares the vulnerability with the relevant company.
According to the support document, the security hole was in Apple Type Services, a native font renderer that's used in Preview as well as in the PDF viewer of the Safari web browser. "Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution," the support document reads. "An unchecked index issue exists in Apple Type Services' handling of embedded fonts."
Miller also made use of ATS bugs last year, though he wasn't required to reveal details of any exploits other than the one he used to pwn the MacBook. Similarly, this year he discovered many other bugs through "dumb fuzzing:" a brute-force method that simply feeds random data to an application to see what it will do. Miller did not hide his disdain for Apple's software engineers' failure to use this automated testing method to find bugs in their own code. Rather than tell them all the holes he found for them, Miller said after the competition, he taught Apple and other companies "how to find these bugs, and do what I did. That might get them to do more fuzzing."
Security Update 2010-003 can be downloaded and installed via Software Update, or from Apple Downloads.
The Following User Says Thank You to Paul Daniel Ash For This Useful Post:
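The "dumb fuzzing" and "unchecked index" points from the article above, as an added example that is not part of the original post and is not Apple's or Miller's code. The `FNT0` format, the parser and all names are constructed for illustration, and Python's `IndexError` stands in for the out-of-bounds access a native font renderer would suffer.

```python
import random
import struct

# Constructed toy format (not a real font format): magic b"FNT0", a 1-byte
# glyph count N, N big-endian 16-bit widths, then a 1-byte default-glyph index.
SEED = b"FNT0" + bytes([3]) + struct.pack(">3H", 500, 600, 700) + bytes([1])

class ParseError(ValueError):
    """Malformed input that the parser rejected cleanly."""

def parse(data, check_index):
    if len(data) < 5 or data[:4] != b"FNT0":
        raise ParseError("bad header")
    count = data[4]
    end = 5 + 2 * count
    if len(data) < end + 1:
        raise ParseError("truncated")
    widths = struct.unpack(">%dH" % count, data[5:end])
    index = data[end]
    if check_index and index >= count:
        raise ParseError("glyph index out of range")
    # Without the check above, a file-controlled index reaches the table.
    return widths[index]

def mutate(seed, rng):
    # Dumb mutation: overwrite 1-3 random bytes, with no knowledge of the format.
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def fuzz(check_index, iterations=2000, rng_seed=1):
    rng = random.Random(rng_seed)  # fixed seed so findings are reproducible
    crashes = []
    for _ in range(iterations):
        sample = mutate(SEED, rng)
        try:
            parse(sample, check_index)
        except ParseError:
            pass  # expected outcome for malformed input
        except Exception as exc:  # anything else is a finding to triage
            crashes.append((sample, type(exc).__name__))
    return crashes

if __name__ == "__main__":
    print("unchecked parser findings:", len(fuzz(False)))
    print("checked parser findings:  ", len(fuzz(True)))
```

Each saved sample reproduces its failure, which is what makes this kind of harness cheap to run against a parser before release.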
04-15-2010, 02:32 PM #2
Glad to see Apple doesn't proactively patch system exploits. Thus giving us the jailbroken/unlocked iPhone & insecure products like Safari!!!
Not to say the iPhone's native apps are secure.
04-15-2010, 02:47 PM #3
For a sec I thought they patched a jailbreak hole, thank god it was Mac
04-15-2010, 02:55 PM #4
I love the picture.
04-15-2010, 02:57 PM #5
downloaded this along with 8 other updates this morning for my new MBP
04-15-2010, 03:06 PM #6
what would an exploit allow you to do on a Mac? run foreign code that could do what?
04-15-2010, 03:09 PM #7
^ basically get hacked
04-15-2010, 04:12 PM #8
What scares me about this is that this guy is basically sitting on a stockpile of exploits that the software companies don't know about. If the bad guys have just one guy like that, then nobody is safe.
04-15-2010, 04:16 PM #9
@bill 69 Macs are not immune to viruses and other malicious software. These types of things haven't been as much of an issue with Apple products because they have held a minority in the home computing world. As Apple popularity grows, expect to see more and more security issues with their products.
04-15-2010, 04:31 PM #10
Time for the updates yeah.
killall Terminal
04-15-2010, 06:34 PM #11
Dang! That was fast! Picture...epic win.
Asking for help is different from being stupid. Fanboys can rot in @#$%!