Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customise your settings, hit “Customise Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences

  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.
Sign in

Security researchers break out of Apple's sandbox

Apple not fussed

John Leyden Tue 15 Nov 2011 // 09:31 UTC

Researchers claim to have discovered a vulnerability with the sandbox security mechanism used by Apple.

The sandbox, which is baked into the kernel of Mac OS X, is designed to apply application restrictions, so that code that has no reason to access a network isn't able to access a corporate LAN or the internet, for example. The restriction means that even if the code contains bugs, hackers will be stuck if they try to exploit the vulnerability to do anything else.

All applications published through the App Store "must implement sandboxing" by the start of March 2012.

However, at least according to Core Security, the sandboxing is flawed. Processes directly spawned by a sandboxed application are blocked but indirectly spawned processes are permitted, according to Core, which has published an advisory containing harmless proof of concept code to illustrate its concerns.

The upshot of this is that "you can use Apple Script to tell OS X to start some other arbitrary program (or a second copy of your own) which won't inherit your sandbox settings," explains Paul Ducklin of net security firm Sophos.

Rather than make its sandbox harder to break out of, Apple reportedly wants to address Core's finding by documenting that its restrictions can't be assumed to apply to any process other than the sandboxed one. Core is less than satisfied by this response and wants stricter sandbox controls.

The timeline of Core's dialogue with Apple over the issue once again illustrates the problematic relationship between Apple and security researchers most clearly illustrated by its expulsion of renowned security researcher Charlie Miller from its developer programme last week. Miller found a security hole in iOS that created a means for an application download new unapproved software onto an iPhone or iPad. An application he created exploiting this vulnerability was approved and published on Apple's App Store.

This earned Apple's ire, and expulsion, but if Miller hadn't proved that the problem was real Apple might have been tempted to dismiss it as purely theoretical. ®

8 Comments

Similar topics

Other stories you might like

Biting the hand that feeds IT © 1998–2021

Your Consent Options Cookies Privacy Ts&Cs