Published in News

Another Apple security hole found

by on14 November 2011



Another dump in the sandbox


Boffins at Core Security Technologies have uncovered a security hole that could allow someone to get around the software sandbox restrictions of Mac OS X.

The hole affects Mac OS X 10.7x, 10.6x and 10.5x and is the direct result of Apple’s insistance that all applications submitted to the Mac App store must implement sandboxing. According to Apple this means that the resources applications can access are limited and makes it more difficult for malware to compromise systems. The only problem is that it means that he hackers look closer at the sandboxing technology if they want to crack applications.

According to Core's advisory, several of the default predefined sandbox profiles fail to “properly limit all the available mechanisms." Core said that users and developers have a false sense of security when using Apple's sandbox. While they expect that applications run in these restricted sandbox profiles have one behavior, they may behave in a different way - and in particular, allow for resources that they thought were restricted."

Rate this item
(0 votes)