Feeds

Security researchers break out of Apple's sandbox

Apple not fussed

New hybrid storage solutions

Researchers claim to have discovered a vulnerability with the sandbox security mechanism used by Apple.

The sandbox, which is baked into the kernel of Mac OS X, is designed to apply application restrictions, so that code that has no reason to access a network isn't able to access a corporate LAN or the internet, for example. The restriction means that even if the code contains bugs, hackers will be stuck if they try to exploit the vulnerability to do anything else.

All applications published through the App Store "must implement sandboxing" by the start of March 2012.

However, at least according to Core Security, the sandboxing is flawed. Processes directly spawned by a sandboxed application are blocked but indirectly spawned processes are permitted, according to Core, which has published an advisory containing harmless proof of concept code to illustrate its concerns.

The upshot of this is that "you can use Apple Script to tell OS X to start some other arbitrary program (or a second copy of your own) which won't inherit your sandbox settings," explains Paul Ducklin of net security firm Sophos.

Rather than make its sandbox harder to break out of, Apple reportedly wants to address Core's finding by documenting that its restrictions can't be assumed to apply to any process other than the sandboxed one. Core is less than satisfied by this response and wants stricter sandbox controls.

The timeline of Core's dialogue with Apple over the issue once again illustrates the problematic relationship between Apple and security researchers most clearly illustrated by its expulsion of renowned security researcher Charlie Miller from its developer programme last week. Miller found a security hole in iOS that created a means for an application download new unapproved software onto an iPhone or iPad. An application he created exploiting this vulnerability was approved and published on Apple's App Store.

This earned Apple's ire, and expulsion, but if Miller hadn't proved that the problem was real Apple might have been tempted to dismiss it as purely theoretical. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Leak of '5 MEELLLION Gmail passwords' creates security flap
You should be OK if you're not using ANCIENT password
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Enigmail PGP plugin forgets to encrypt mail sent as blind copies
User now 'waiting for the bad guys come and get me with their water-boards'
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.