Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mac OS X Sandbox Security Hole Uncovered

Posted by samzenpus on from the protect-ya-neck dept.

Gunkerty Jeb writes "Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple's announcement earlier this month that all applications submitted to the Mac App store must implement sandboxing as of March 1, 2012. Sandboxing, Apple has argued, limits the resources applications can access and makes it more difficult for malware to compromise systems. Researchers at Core however revealed Nov. 10 that they had warned Apple in September about a vulnerability in their sandboxing approach. According to Core's advisory, several of the default predefined sandbox profiles fail to 'properly limit all the available mechanisms.' As a result, the sandboxing restrictions can be circumvented through the use of Apple events."

2 of 155 comments (clear)

  1. OSX = IOS by dezent · · Score: 4, Insightful

    What has not yet been lifted in this thread is that OSX and IOS are starting to look a lot more like each other, or OSX is looking a lot more like IOS since Lion upgrade, i think we will see more and more aspects of the mac being locked in. I am seriously looking at going back to Debian for my desktop.

  2. Re:Steam can't run in a sandbox so apple can lock by itsdapead · · Score: 5, Insightful

    Steam can't run in a sandbox so apple can lock them out if they move to more of a app store only system.

    ...and the same is true of MS Office, Adobe CS, Parallels/VMWare etc. So maybe, just maybe, Apple isn't going to lock down OS X until people are no longer buying Macs to run those applications.

    Sure they could decide to go this way - in which case I could feed a Linux or Windows disc in my Mac and give Apple up as a bad job. Personally, I'd be more worried as to whether MS is going to push UEFI secure boot onto every OEM, making it hard to buy any hardware that let you choose which OS to run.

    OTOH the App Store could develop as somewhere that it was safe for a non-Admin account (Grandad, kids, mere employees) to install software from. The whole system wouldn't need to be locked down.

    --
    In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.