
Wednesday, November 10, 2010

Apple and security issues



Reputation is not everything. As usual, Mac OS X did not fail to fail at the latest edition of Pwn2Own at CanSecWest. This time, it was the French firm VuPen Security that managed to find and exploit a flaw in WebKit, the HTML rendering engine used by Safari in particular.

It must be said that VuPen has made a specialty of so-called "friendly intrusion", in other words penetration testing. VuPen Security's clients include Microsoft, Shell, Sagem and IGN. Its job is to test the security policies applied to information systems. Its teams are effective enough that, at the 2009 Security Workshop conference, VuPen sold out and attracted the interest of representatives from retail, telecommunications and the army.

For iOS, it was again Safari that served as the gateway. And it was a regular who took on the task: Charlie Miller. A security analyst at Independent Security Evaluators, Charlie Miller has been rewarded four times at Pwn2Own. On Twitter, he describes himself as "Mr. Apple 0-day", i.e. someone who hunts for previously unknown flaws in the software of the firm with the apple logo. One of Miller's specialties is fuzzing, an approach to vulnerability research developed mainly by Ari Takanen, CTO of the Finnish company Codenomicon. With Jared DeMott and Charlie Miller, he co-authored a book dedicated to the subject, "Fuzzing for Software Security Testing and Quality Assurance", published in 2008 by Artech House. At the end of the book, a case study is also devoted to the search for vulnerabilities in QuickTime Player.

The basic concept of fuzzing is relatively simple: find the application interfaces that are reachable from the outside, flood them with corrupted data (data that does not conform to what the application is supposed to handle), and then see what happens. In a way, there is a parallel here with the compromise of websites through SQL injection: in both cases, the software is not adequately protected against the injection of data that does not match what it should expect from a legitimate user.
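The idea described above, as an added example that is not part of the original post: a small mutation fuzzer run against a parser that trusts its input and against a validating version of the same parser. The record format, both parsers and every name here are constructed for this illustration.

```python
import random
import struct

# Constructed sample: two (type, length, value) records; type 1 holds a 32-bit integer.
SEED = bytes([1, 4]) + struct.pack(">I", 1337) + bytes([2, 3]) + b"abc"

def parse_naive(data):
    """Hypothetical parser that trusts the length byte and the record layout."""
    pos, out = 0, []
    while pos < len(data):
        rtype, length = data[pos], data[pos + 1]   # IndexError on a truncated header
        value = data[pos + 2:pos + 2 + length]
        if rtype == 1:
            value = struct.unpack(">I", value)[0]  # struct.error unless exactly 4 bytes
        out.append((rtype, value))
        pos += 2 + length
    return out

def parse_checked(data):
    """Same format, every field validated; malformed input raises ValueError only."""
    pos, out = 0, []
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated header")
        rtype, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length or (rtype == 1 and length != 4):
            raise ValueError("bad length")
        out.append((rtype, struct.unpack(">I", value)[0] if rtype == 1 else value))
        pos += 2 + length
    return out

def mutate(seed, rng):
    buf = bytearray(seed)  # corrupt one to three bytes, then sometimes truncate
    for _ in range(rng.randint(1, 3)):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    cut = rng.randrange(1, len(buf)) if rng.random() < 0.2 else len(buf)
    return bytes(buf[:cut])

def fuzz(parser, rounds=2000, rng_seed=1):
    rng, crashes = random.Random(rng_seed), {}  # one saved input per exception type
    for _ in range(rounds):
        sample = mutate(SEED, rng)
        try:
            parser(sample)
        except Exception as exc:
            if not isinstance(exc, ValueError):  # ValueError is a clean rejection
                crashes.setdefault(type(exc).__name__, sample)
    return crashes
```

Because the random generator is seeded, a run is repeatable, so any input saved in the result of `fuzz(parse_naive)` can be replayed against a corrected parser as a regression test.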

Last year, Charlie Miller stressed in particular that OS X "has a broad attack surface involving open source components, closed third-party components [with Flash], and closed Apple components [Preview, etc.]." Each of these software elements can be an attack vector. Recently, in an interview with the German magazine Heise, he explained his persistence in attacking Apple's software: "I use various Apple products and it is in my interest that they are as safe as possible [...] If you listen only to Apple (or Mac fanboys), you believe that Macs are impossible to hack, which is not the case."

Above all, for him, while it is important to know the flaws in order to measure the security level of software, security does not boil down to that: "you must take into account those who threaten you and the resources available to them." So, for him too, right now, "a Mac with Snow Leopard is the safest choice [to surf the Internet], mainly because of its market share." But is the Mac's OS more secure? No, he answers without reservation: "In my experience, it was easier to find and exploit vulnerabilities in Mac OS X than in modern Windows systems (Vista and 7)." Indeed, for him, the safest web browser is Google's Chrome. And he recommends, in passing, disabling any unnecessary extensions.