Printed from http://www.macnn.com

Month of Apple Bugs exploits Safari

updated 12:20 pm EST, Wed January 31, 2007

MOAB exploits Safari

A security researcher who promised to deliver a "Month of Apple Bugs" (MOAB) is exploiting Apple's Safari Web browser while presenting the 29th documented flaw, according to isfym.com. Some Safari users attempting to view bug no. 29 will experience an application hang, and will need to force quit Apple's Web browser as a result. The researcher, who published the month's first vulnerability affecting Apple's QuickTime software on January 2nd, sparked heated debate among Apple enthusiasts who questioned the ethics of revealing security flaws to the masses without providing advance warning to the software developer -- in this case Apple. The recently-discovered addition of a nested Safari exploit in one of the bug explanations further raises questions about the moral integrity of the Month of Apple Bugs security researcher who uses the handle "LMH."

The vulnerability accompanying bug no. 29 appears to be Safari-specific, and is likely a different JPEG 2000 vulnerability than one Apple fixed with the release of Mac OS X 10.4.8, according to isfym.com.

The image tag contained within the Web page for bug no. 29 appears to reference a specially-crafted JPEG 2000 file that, when downloaded as Safari renders the HTML of the Web page, causes some versions of Apple's browser to hang, requiring a force quit.

Interestingly, members of the Apple community banded together in an effort to fix the bugs revealed by the Month of Apple Bugs site shortly after the Month of Apple Bugs was announced, and have successfully fixed many of those bugs within hours of their exposure. Additionally, MOAB recently countered the Mac community's efforts by reporting bugs in the provided bug fixes. Apple fans retorted with further fixes to the vulnerabilities, again securing Mac users against would-be attackers wielding the recently-discovered flaws.

A video surfaced in early August appearing to show two security researchers compromising the security of a MacBook Pro at a Black Hat presentation. The researchers said they chose Apple's hardware as their preferred platform for the demonstration due to a "Mac user base aura of smugness on security."

"We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something," said David Maynor, one of the two security professionals who participated in the demonstration.

Not long after the video circulated across the internet, however, both researchers admitted that the MacBook Pro used to demonstrate the exploit included a third-party wireless device driver which was used to gain access to the notebook. InformationWeek noted that a responsible demonstration policy forbids the installation of flawed drivers to make a point, and Apple responded to the news by acknowledging the admission as proof that its systems are not vulnerable as they were made to appear during the conference.




by MacNN Staff


Comments

  1. ClevelandAdv

    Joined: Dec 1969

    0

    MOAB

    They have not, it seems, come up with the Mother Of All Bugs that would really cause security problems in the Mac community. Crashing my browser is something that many IE only sites have managed to do. I simply relaunch and avoid the site. Wake me when they find something truly dangerous to my Mac.

  1. zl9600

    Joined: Dec 1969

    0

    clearly they have time

    As they're not standing in line to get the latest version of Vista... I mean Mac OsX Tiger for windows.

  1. godrifle

    Joined: Dec 1969

    0

    Irresponsible

    This group is taking their anti-Apple crusade to the extreme by becoming blackhat hackers resorting to crashing applications of innocent visitors to their web site. I am reporting their site to as many network admins as I can, in the hopes that they'll get what they truly deserve.

    I'm all for exposing exploits in Mac OS; however, there is a right way and a childish way...and these guys are childish to the extreme.

  1. jpellino

    Joined: Dec 1969

    0

    31. good riddance.

    unfortunately for the folks providing fixes, it's a bit like a pissing match with a skunk.

  1. gskibum3

    Joined: Dec 1969

    0

    I saw this too.

    I was up in the middle of the night and was getting the crash. Definitely thought something was fishy.

    In the morning the crash was gone.

  1. ecrelin

    Joined: Dec 1969

    0

    yawn

    perhaps a good DOS on their site would suit them best but why bother so far they have only revealed that the best they can do is nothing, so let them spit into the wind. And those scumbags from blackhat, I watched the video and they said the drivers that Apple used in Airports were someone else's, I thought they had credibility and then they now reveal what pitiful liars they are. Kinda sucks for glory hounds when someone is as good as they say, it makes them want to have a tantrum or do something mature and intelligent like stick a lit cigarette in someone's eye. Can you spell punk? Sorry I forgot their irrelevant names already…

  1. gskibum3

    Joined: Dec 1969

    0

    ecrelin...

    ... you nailed my feelings spot on!

  1. fubar_this

    Joined: Dec 1969

    0

    Crashes can be exploited

    LMH has shown that by combining any crashing vulnerability with vulnerabilities in UserNotificationCenter.app, an application crash can be exploited to gain root privileges. The details are on the site.

  1. jbruner

    Joined: Dec 1969

    0

    Boo hoo

    Are you serious? The bug fixes were Application Enhancer "Haxies" -- you know method swizzling, interposing, "dynamically overriding OS X classes". Yah, great idea. This wasn't Landon Fuller or APE's fight to fight of all people, Apple needs to step up and get these things fixed. Things that have been on rdar for a while, or things in BSD that were fixed but not for Darwin, the other "open source" branch. Really the APE fixes were a Pandora's box -- there was an exploit related to APE's use of an Admin writable root SUID file. And the reason some of them might have been hours before was because they were fishing the site trying to get the files before they were released. A most beautiful trap that had uniquely generated code in the trojan so the thieves would be caught. Wow. This was a great month. Haven't had so much fun since The Lost Experience this summer. Every day a new surprise. (OK go fix permissions now, that'll help... see MoAB 5)

  1. ethical_paul

    Joined: Dec 1969

    0

    Month of yawns

    ho hum
