Mac OS X Sandbox Security Hole Uncovered

Mac OS X Sandbox Security Hole Uncovered 155

Posted by samzenpus on Sunday November 13, 2011 @07:30PM from the protect-ya-neck dept.

Gunkerty Jeb writes "Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple's announcement earlier this month that all applications submitted to the Mac App store must implement sandboxing as of March 1, 2012. Sandboxing, Apple has argued, limits the resources applications can access and makes it more difficult for malware to compromise systems. Researchers at Core however revealed Nov. 10 that they had warned Apple in September about a vulnerability in their sandboxing approach. According to Core's advisory, several of the default predefined sandbox profiles fail to 'properly limit all the available mechanisms.' As a result, the sandboxing restrictions can be circumvented through the use of Apple events."

Mac OS X Sandbox Security Hole Uncovered

Search 155 Comments Log In/Create an Account

Comments Filter:

Re:Nothing to see here (Score:4, Funny)

by TheRaven64 ( 641858 ) writes: on Monday November 14, 2011 @07:29AM (#38046900) Journal

Yup, no vulnerability at all. Have you read the documentation for using Apple Events? The chances of anyone successfully implementing anything that relies on them is basically zero.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Mac OS X Sandbox Security Hole Uncovered 155

Mac OS X Sandbox Security Hole Uncovered More Login

Mac OS X Sandbox Security Hole Uncovered

Re:Nothing to see here (Score:4, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot