The Argentine Core Security claims that the sandbox functionality in Mac OS X to work around. The security company has recently completed a proof-of-concept released. Apple qualifies the vulnerability, however, not as dangerous.
Core Security shows in a proof-of-concept that the sandbox can be bypassed by a new Apple event via osascript to launchd. “A rogue application that’s not on the internet can, by the use of Apple events in theory access to the network, and so can other applications to call that, not by a sandbox will be limited,” said the researchers.
The sandbox is in newer versions of Mac OS X, including Snow Leopard and Lion. Apple wants to have apps in the Mac App Store from march in a sandbox run. Sandboxes should have a better security result. So should developers of an application specify which rights this should have, such as accepting or setting up an internet connection and the use of the webcam. In practice, this means sandboxing on Mac OS X for them that they are in their programs should take into account the new system of powers, if they have the apps in the Mac App Store want to keep.
The well-known hacker Charlie Miller, who last week malware the App Store binnensmokkelde, admitted in 2008 that the sandbox functionality was fragile. For are hack has had, however, an external script to be loaded, that is already on the pc of a user. Apple closed the leak then, so the attack no longer worked.
Core Security discovered the end of september, a similar leak, and suggested that Apple is aware of this. Initially, responded the American company, according to Core laconic. After the proof-of-concept, giving Apple that the sandboxes only work properly in the process in which they are called. The company is considering allegedly the documentation to match.