Mac OS X Sandbox Security Hole Uncovered

Posted by samzenpus on Sunday November 13, 2011 @11:30AM from the protect-ya-neck dept.

Gunkerty Jeb writes "Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple's announcement earlier this month that all applications submitted to the Mac App store must implement sandboxing as of March 1, 2012. Sandboxing, Apple has argued, limits the resources applications can access and makes it more difficult for malware to compromise systems. Researchers at Core however revealed Nov. 10 that they had warned Apple in September about a vulnerability in their sandboxing approach. According to Core's advisory, several of the default predefined sandbox profiles fail to 'properly limit all the available mechanisms.' As a result, the sandboxing restrictions can be circumvented through the use of Apple events."

5 of 155 comments (clear)

Min score:

Reason:

Sort:

Re:Nothing to see here by MichaelKristopeit353 · 2011-11-13 11:43 · Score: -1, Troll

slashdot = stagnated
Re:Nothing to see here by Anonymous Coward · 2011-11-13 11:48 · Score: -1, Troll

But for some reason you're still here, stroking your e-peen and casting your 3-inch shadow.
Re:Nothing to see here by MichaelKristopeit355 · 2011-11-13 12:29 · Score: -1, Troll

you're. an. ignorant. hypocrite.
Re:Nothing to see here by MichaelKristopeit400 · 2011-11-13 12:31 · Score: -1, Troll

are you suggesting there is absolutely no potential for redemption of this internet website chat room message board?
do you know what stagnation implies?
you're an idiot.
cower in my shadow some more, feeb.
you're completely pathetic.
Re:No, this is a very serious issue. by LordLimecat · 2011-11-13 15:16 · Score: 0, Troll

I dont think "strawmen" describes his post-- what idea did he set up for ridicule and then tear down?