Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mac OS X Sandbox Security Hole Uncovered

Posted by samzenpus on from the protect-ya-neck dept.

Gunkerty Jeb writes "Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple's announcement earlier this month that all applications submitted to the Mac App store must implement sandboxing as of March 1, 2012. Sandboxing, Apple has argued, limits the resources applications can access and makes it more difficult for malware to compromise systems. Researchers at Core however revealed Nov. 10 that they had warned Apple in September about a vulnerability in their sandboxing approach. According to Core's advisory, several of the default predefined sandbox profiles fail to 'properly limit all the available mechanisms.' As a result, the sandboxing restrictions can be circumvented through the use of Apple events."

3 of 155 comments (clear)

  1. Re:Nothing to see here by MichaelKristopeit353 · · Score: -1, Offtopic
    you're an ignorant hypocrite.

    why do you cower in my shadow? what are you afraid of?

    you're completely pathetic.

  2. Re:Nothing to see here by epyT-R · · Score: -1, Offtopic

    you sure it's 3in? did you use your iphone based 'acoustic ruler' to measure?

  3. Re:Broken concept by MichaelKristopeit401 · · Score: -1, Offtopic

    "proper" is relative to intention... if one application is trusted to engage in network activity, and another application that isn't trusted to engage in network activity, but is trusted to communicate with the other application and proxy network requests through it, that isn't a breakdown in security... it's completely proper, as the intention was for ease of security policy administration.