• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Scary Stuff!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Scary Stuff!

  • Subject: Re: Scary Stuff!
  • From: Jens Alfke <email@hidden>
  • Date: Wed, 17 Jun 2015 12:44:55 -0700
As usual, don’t put too much weight into the bite-size digests from the press, especially the Register, which has a track record of sensationalism. Unfortunately the actual truth is fairly bad. I recommend reading the paper:

https://drive.google.com/file/d/0BxxXk1d3yyuZOFlsdkNMSGswSGs/view <https://drive.google.com/file/d/0BxxXk1d3yyuZOFlsdkNMSGswSGs/view>

Haven’t gotten all the way through it, but the security problems in the OS seem to be not about the fundamentals — the integrity of sandboxes and the Keychain are OK — but some slipshod security at the API level and in the ways these components get used. The two OS X attacks I’ve read about are:

1. Keychain ACLs control which apps are allowed to read which Keychain secrets. But it’s possible for a malicious app to create a blank Keychain password item for a secret it knows some other app will store there (like a login password), and give both itself and the real app access. Then the true app will store the secret in the existing Keychain item, which is readable by the malware so it can get the password from it.

2. Sandboxed apps are given private directories named after their bundle IDs. The Mac App Store submission process verifies that an app’s bundle ID is a valid one that’s registered to the developer … but it doesn’t verify the bundle IDs of embedded executables like plugins, which get their own sandboxes. So a malicious app can include a plugin with the bundle ID registered to a real app, and its plugin will be able to share the sandbox with the real app and read/write its data.

(I may have gotten details wrong. Don’t quote me on this, read the paper yourself.)

Both of these are pretty bad. I’m very disappointed that Apple didn’t address these during the six months’ advance notice that the security researchers gave before they went public.

—Jens
_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Scary Stuff!
      • From: Doug Hill <email@hidden>
References: 
 >Scary Stuff! (From: Dave <email@hidden>)

  • Prev by Date: Re: Language options: Objective-C, Swift, C or C++?
  • Next by Date: Re: Language options: Objective-C, Swift, C or C++?
  • Previous by thread: Re: Scary Stuff!
  • Next by thread: Re: Scary Stuff!
  • Index(es):
    • Date
    • Thread