
01/31/2007, 12:20pm, EST

Wednesday, January 31st

Month of Apple Bugs exploits Safari

A security researcher who promised to deliver a "Month of Apple Bugs" (MOAB) is exploiting Apple's Safari Web browser while presenting the 29th documented flaw, according to isfym.com. Some Safari users attempting to view bug no. 29 will experience an application hang, and will need to force quit Apple's Web browser as a result. The researcher, who published the month's first vulnerability affecting Apple's QuickTime software on January 2nd, sparked heated debate among Apple enthusiasts who questioned the ethics of revealing security flaws to the masses without providing advance warning to the software developer -- in this case Apple. The recently discovered addition of a nested Safari exploit in one of the bug explanations further raises questions about the moral integrity of the Month of Apple Bugs security researcher who uses the handle "LMH."

The vulnerability accompanying bug no. 29 appears to be Safari-specific, and is likely a different JPEG 2000 vulnerability than one Apple fixed with the release of Mac OS X 10.4.8, according to isfym.com.

The image tag contained within the Web page for bug no. 29 appears to reference a specially crafted JPEG 2000 file that, when downloaded as Safari renders the HTML of the Web page, causes some versions of Apple's browser to hang, requiring a force quit.

Interestingly, members of the Apple community banded together in an effort to fix the bugs revealed by the Month of Apple Bugs site shortly after the Month of Apple Bugs was announced, and have successfully fixed many of those bugs within hours of their exposure. Additionally, MOAB recently countered the Mac community's efforts by reporting bugs in the provided bug fixes. Apple fans retorted with further fixes to the vulnerabilities, again securing Mac users against would-be attackers wielding the recently-discovered flaws.

A video surfaced in early August appearing to show two security researchers compromising the security of a MacBook Pro at a Black Hat presentation. The researchers said they chose Apple's hardware as their preferred platform for the demonstration due to a "Mac user base aura of smugness on security."

"We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something," said David Maynor, one of the two security professionals who participated in the demonstration.

Not long after the video circulated across the internet, however, both researchers admitted that the MacBook Pro used to demonstrate the exploit included a third-party wireless device driver which was used to gain access to the notebook. InformationWeek noted that a responsible demonstration policy forbids the installation of flawed drivers to make a point, and Apple responded to the news by acknowledging the admission as proof that its systems are not vulnerable as they were made to appear during the conference.


11 comments
MOAB
0
01/31, 12:44pm, EST
They have not, it seems, come up with the Mother Of All Bugs that would really cause security problems in the Mac community. Crashing my browser is something that many IE only sites have managed to do. I simply relaunch and avoid the site. Wake me when they find something truly dangerous to my Mac.
Fresh-Faced Recruit
Joined Jul 2004
clearly they have time
0
01/31, 1:06pm, EST
As they're not standing in line to get the latest version of Vista... I mean Mac OsX Tiger for windows.
Forum Regular
Joined Oct 2003
Irresponsible
0
01/31, 1:21pm, EST
This group is taking their anti-Apple crusade to the extreme by becoming blackhat hackers resorting to crashing applications of innocent visitors to their web site. I am reporting their site to as many network admins as I can, in the hopes that they'll get what they truly deserve.

I'm all for exposing exploits in Mac OS; however, there is a right way and a childish way...and these guys are childish to the extreme.
Fresh-Faced Recruit
Joined Jan 2006
31. good riddance.
0
01/31, 2:37pm, EST
unfortunately for the folks providing fixes, it's a bit like a pissing match with a skunk.
Fresh-Faced Recruit
Joined Oct 1999
I saw this too.
0
01/31, 4:31pm, EST
I was up in the middle of the night and was getting the crash. Definitely thought something was fishy.

In the morning the crash was gone.
Fresh-Faced Recruit
Joined Nov 2006
yawn
0
01/31, 8:26pm, EST
perhaps a good DOS on their site would suit them best but why bother so far they have only revealed that the best they can do is nothing, so let them spit into the wind. And those scumbags from blackhat, I watched the video and they said the drivers that Apple used in Airports were someone else's, I thought they had credibility and then they now reveal what pitiful liars they are. Kinda sucks for glory hounds when someone is as good as they say, it makes them want to have a tantrum or do something mature and intelligent like stick a lit cigarette in someone's eye. Can you spell punk? Sorry I forgot their irrelevant names already…
Fresh-Faced Recruit
Joined Oct 2000
ecrelin...
0
01/31, 8:40pm, EST
... you nailed my feelings spot on!
Fresh-Faced Recruit
Joined Nov 2006
Crashes can be exploited
0
02/01, 12:36am, EST
LMH has shown that by combining any crashing vulnerability with a vulnerability in UserNotificationCenter.app, an application crash can be exploited to gain root privileges. The details are on the site.
Fresh-Faced Recruit
Joined Jul 2006
Boo hoo
0
02/01, 1:03am, EST
Are you serious? The bug fixes were Application Enhancer "Haxies" -- you know method swizzling, interposing, "dynamically overriding OS X classes". Yah, great idea. This wasn't Landon Fuller or APE's fight to fight of all people, Apple needs to step up and get these things fixed. Things that have been on rdar for a while, or things in BSD that were fixed but not for Darwin, the other "open source" branch. Really the APE fixes were a Pandora's box -- there was an exploit related to APE's use of an Admin writable root SUID file. And the reason some of them might have been hours before was because they were fishing the site trying to get the files before they were released. A most beautiful trap that had uniquely generated code in the trojan so the thieves would be caught. Wow. This was a great month. Haven't had so much fun since The Lost Experience this summer. Every day a new surprise. (OK go fix permissions now, that'll help... see MoAB 5)
Fresh-Faced Recruit
Joined Jun 2003
Month of yawns
0
02/01, 8:16am, EST
ho hum
Fresh-Faced Recruit
Joined Mar 2002