Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

+ - Mac OS X Sandbox Security Hole Uncovered->

Submitted by Gunkerty Jeb
Gunkerty Jeb (1950964) writes "Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X.

The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple’s announcement earlier this month that all applications submitted to the Mac App store must implement sandboxing as of March 1, 2012. Sandboxing, Apple has argued, limits the resources applications can access and makes it more difficult for malware to compromise systems.

Researchers at Core however revealed Nov. 10 that they had warned Apple in September about a vulnerability in their sandboxing approach. According to Core's advisory, several of the default predefined sandbox profiles fail to “properly limit all the available mechanisms." As a result, the sandboxing restrictions can be circumvented through the use of Apple events."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Mac OS X Sandbox Security Hole Uncovered

Comments Filter:

Using TSO is like kicking a dead whale down the beach. -- S.C. Johnson

Working...