Slashdot Mirror


Did Programming Language Flaws Create Insecure Apps? (bleepingcomputer.com)

Several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks, according to research presented at the Black Hat Europe 2017 security conference. An anonymous reader writes: The author of this research is IOActive Senior Security Consultant Fernando Arnaboldi, who says he used an automated software testing technique named fuzzing to identify vulnerabilities in the interpreters of five of today's most popular programming languages: JavaScript, Perl, PHP, Python, and Ruby.

Fuzzing involves providing invalid, unexpected, or random data as input to a software application. The researcher created his own fuzzing framework named XDiFF that broke down programming languages per each of their core functions and fuzzed each one for abnormalities. His work exposed severe flaws in all five languages, such as a hidden flaw in PHP constant names that can be abused to perform remote code execution, and undocumented Python methods that can be used for OS code execution. Arnaboldi argues that attackers can exploit these flaws even in the most secure applications built on top of these programming languages.
