Feeds

Security researchers break out of Apple's sandbox

Apple not fussed

The Essential Guide to IT Transformation

Researchers claim to have discovered a vulnerability with the sandbox security mechanism used by Apple.

The sandbox, which is baked into the kernel of Mac OS X, is designed to apply application restrictions, so that code that has no reason to access a network isn't able to access a corporate LAN or the internet, for example. The restriction means that even if the code contains bugs, hackers will be stuck if they try to exploit the vulnerability to do anything else.

All applications published through the App Store "must implement sandboxing" by the start of March 2012.

However, at least according to Core Security, the sandboxing is flawed. Processes directly spawned by a sandboxed application are blocked but indirectly spawned processes are permitted, according to Core, which has published an advisory containing harmless proof of concept code to illustrate its concerns.

The upshot of this is that "you can use Apple Script to tell OS X to start some other arbitrary program (or a second copy of your own) which won't inherit your sandbox settings," explains Paul Ducklin of net security firm Sophos.

Rather than make its sandbox harder to break out of, Apple reportedly wants to address Core's finding by documenting that its restrictions can't be assumed to apply to any process other than the sandboxed one. Core is less than satisfied by this response and wants stricter sandbox controls.

The timeline of Core's dialogue with Apple over the issue once again illustrates the problematic relationship between Apple and security researchers most clearly illustrated by its expulsion of renowned security researcher Charlie Miller from its developer programme last week. Miller found a security hole in iOS that created a means for an application download new unapproved software onto an iPhone or iPad. An application he created exploiting this vulnerability was approved and published on Apple's App Store.

This earned Apple's ire, and expulsion, but if Miller hadn't proved that the problem was real Apple might have been tempted to dismiss it as purely theoretical. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Fiendishly complex password app extension ships for iOS 8
Just slip it in, won't hurt a bit, 1Password makers urge devs
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.