x404.co.uk
http://www.x404.co.uk/forum/

Charlie Miller on Apple Security
http://www.x404.co.uk/forum/viewtopic.php?f=19&t=13054		 Page 1 of 1
Author:  big_D [ Thu Mar 17, 2011 8:52 am ]
Post subject:  Charlie Miller on Apple Security
https://www.infosecisland.com/blogview/ ... urity.html

Quote:
Q: The myth that Apple operating systems are inherently more secure is slowly abating as Apple gains in market share and becomes a more attractive target for attackers; do you believe the relatively slow adoption of security standards like Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) was simply a matter of cost over benefit?

A: Product security is something that is very hard to measure. Because of this, it is difficult for users to make purchasing decisions based on security and therefore companies have little incentive to spend money on it.

Apple doesn't have a perceived security problem by customers and so they haven't had a need to invest heavily in it. I've done what I can to try to educate people that Apple products aren't magical and can have security problems like every other product.

Q: Can you explain how DEP differentiates between data and executable code to prevent a successful exploit?

A: Each page in memory is marked as either executable or non-executable and the processor will not allow pages marked as non-executable to execute. In this way, the actual program and its associated libraries will run fine, but if the processor tries to execute data provided by the user (i.e. attacker), it will crash rather than "run" the data.

...
Author:  bobbdobbs [ Thu Mar 17, 2011 9:14 am ]
Post subject:  Re: Charlie Miller on Apple Security
Quote:
After the random drawing, I was fourth in line. So, four of us showed up with Safari exploits, but the first team won (from VUPEN). Now, the contest is over for that target and there are three of us with exploits but nothing to do with them.

Thats the worrying bit. If they have to submit those exploits as well then theres a good chance they will be addressed other wise...
Author:  big_D [ Thu Mar 17, 2011 9:29 am ]
Post subject:  Re: Charlie Miller on Apple Security
It is also interesting to see, that Apple is playing catch-up with Windows Phone 7 with the 4.3 release...
Author:  Amnesia10 [ Thu Mar 17, 2011 9:36 am ]
Post subject:  Re: Charlie Miller on Apple Security
bobbdobbs wrote:
Quote:
After the random drawing, I was fourth in line. So, four of us showed up with Safari exploits, but the first team won (from VUPEN). Now, the contest is over for that target and there are three of us with exploits but nothing to do with them.

Thats the worrying bit. If they have to submit those exploits as well then theres a good chance they will be addressed other wise...

Yes wasn't one of this years Pwn2Own winners an exploit held over for a year or more? There should be ongoing payments for the developers. I can see why they do not disclose them if they can get fame and a new laptop for cracking it publicly.
Author:  big_D [ Thu Mar 17, 2011 12:39 pm ]
Post subject:  Re: Charlie Miller on Apple Security
Charlie Miller wrote:
"However, experience shows me that OS X probably has more bugs than a Windows browser. Every QuickTime vulnerability is accessible through the browser, and there are a lot of those! As for difficulty of exploitation, Mac OS X is weaker than Windows 7 as well. The industry standard for stopping exploitation are Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). While these are highly technical terms, the fact is that Windows since Vista practises full ASLR and DEP while OS X does not. OS X only randomises some portions of memory and so does not have full ALSR and its DEP is limited to only 64-bit processes, like Safari, but does not affect 32-bit processes like Flash."
Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/