The Mac Observer

Analyst Uncovers 20 Security-related Flaws in Safari

Charlie Miller, founder of Independent Security Evaluators, claims to have found 20 flaws in Safari and Preview that could potentially let a hacker gain control over someone’s Mac, and he plans to show off his findings at the CanSecWest security conference starting on March 24, according to Forbes. Mr. Miller is known for hacking Macs in the conference’s annual Pwn2Own competition.

The flaws use a specially crafted PDF document to exploit security holes in Preview’s PDF rendering engine, which is also used in the Safari Web browser. An attacker could include such a PDF in a Web site to crash Safari and potentially gain access to the user’s Mac.

Mr. Miller isn’t revealing the flaws or how they work just yet — not even to Apple. He’ll likely use what he’s discovered during this year’s Pwn2Own competition, and he’s also considering keeping his research from Apple to see how long it takes the company to find and patch the flaws.

“The moral of the story is that if Apple wants to keep its products secure, it needs to be doing what I’m doing,” he said. “I’m one guy working out of my house. I shouldn’t be able to find bugs like these, ever.”

16 Observer Comments

I wonder if any of the 20 exploits also work on Adobe Reader…

Lee Dronick said on March 22nd, 2010 at 9:18 AM (Edited: 10/18/2011 6:20 PM):

“he’s also considering keeping his research from Apple to see how long it takes the company to find and patch the flaws.”

Is he keeping his research from anyone else?

First, the security flaws appear to be trojans. How many times does it need to be said - NO platform is secure from trojans. The system asks the user if it should do something and the user says ‘yes’. How is the system supposed to protect stupid users from themselves?

Second, note the way this is worded: the crafted PDF document (assuming that you can trick the user into downloading it) can crash Safari and “potentially gain access”. Every few weeks, we hear about things that could ‘potentially’ gain access to the Mac, but they never do.  How about if he comes back if he finds a REAL security flaw?

How about if he comes back if he finds a REAL security flaw?

jragosta, he does gain access to the Mac. That’s why it’s a security flaw. Maybe you aren’t familiar with the Pwn2Own contest, but Charlie Miller won $10,000 in 2008, and he won $5,000 in 2009.

He also demonstrated how to gain control of mobile phones with an SMS vulnerability that affected the iPhone, Android based handsets, and Windows Mobile based handsets.

As a former NSA agent and Doctor of Mathematics, he’s pretty good at this stuff.

“The moral of the story is that if Apple wants to keep its products secure, it needs to be doing what I’m doing,” he said. “I’m one guy working out of my house. I shouldn’t be able to find bugs like these, ever.”

Yea, sure.  I’m sure all of the scum that make trojans, viruses and spyware aren’t working out of their houses.  They probably have a cushy office to go to.
He either has an extreme case of narcissism, or he really wants Apple to hire him.  Either way he’s a douche.

I’m quite familiar with Pwn2Own. That’s the one where you need physical access to the computer to hack the Mac. Sorry, but NO system is secure if you give someone physical access. I’m just not going to lose sleep over it.

In the REAL world, there are still zero Mac OS X viruses. Zero. None. Zip. Nada. Zilch. Argue all you want about whether it’s obscurity or design. The fact is that a Mac user doesn’t have to worry about someone remotely gaining access to his computer unless he does something stupid.

I’m quite familiar with Pwn2Own. That’s the one where you need physical access to the computer to hack the Mac.

LoL! And that statement shows that you clearly don’t know jack about Pwn2Own!

Lee Dronick said on March 22nd, 2010 at 9:56 AM (Edited: 10/18/2011 6:20 PM):

a Mac user doesn’t have to worry about someone remotely gaining access to his computer unless he does something stupid.

Unfortunately there are people using Macs who might do something stupid and have an Admin account. But yeah, don’t give Miller physical access to the Mac or iPhone and see how he does.

Preview can open dozens of different kinds of documents, with and without color tables, and variations on internal formats.  There are probably thousands more bugs waiting to be found.  I agree with Charlie though, Apple should be fuzzing the heck out of their own software, but expecting their software to be completely bug free is ridiculous.  There are nearly infinite combinations of different image formats + color tables + various compression techniques.

I wrote a fuzzer a couple years ago and found many issues too.  One of the interesting things is that many of those fuzzed files crash Spotlight when it tries to index the file!  So you don’t even need to manually open a downloaded image, spotlight will open it for you.

MOSiX Man said on March 22nd, 2010 at 10:13 AM (Edited: 03/24/2010 5:34 PM):

Wow. ~~~Yawn~~~ If these are the kinds of ‘security holes’ for the Mac, that are deemed important enough to grab headlines (no offense to TMO), it makes me feel all the happier and more secure that I use Macs as well as recommending them to family and friends.

“he’s also considering keeping his research from Apple to see how long it takes the company to find and patch the flaws”

Yep, no agenda there. This guy doesn’t have a hate on for Apple at all. I mean, there’s no chance someone else may have found or will find the exploit, so why help Apple and its millions of users out when you can self-promote yourself?

The guy is fishy, and so is the PWN2OWN contest. They say all work needs to be done at the contest, and yet they allow people to use exploits they’ve already found and written code for. Then they relax the rules day by day until they might as well be simulating me allowing someone to walk in my door, turn on my system, and attach a hard drive to it to dupe my drive. Whatever truth these people might turn up is drowned out by the hype and the childish games. If he was truly one of the good guys, he should hand his work over to Apple immediately (or to Microsoft or to the Linux community depending on what he’s working on at the time). Waiting until PWN2OWN is irresponsible and simply makes his integrity questionable.

Actually, he doesn’t have any hate for Apple - in interviews he is quite clear that he uses OS X as his OS of choice - because security isn’t the only reason to use an OS (otherwise no one would use XP) - applications are the reason you use an OS.

He’s a genuine Machead - who spends a good period of time trying to crack it. Getting from the point he’s achieved to a real exploit isn’t that difficult (you daisy-chain known exploits together to get yourself execution at the right privilege level) but he’s not going to give information on how to weaponise his hack.

Each year he gets a good bit of publicity, and you can bet that, in turn, generates paid work. I also hope he stays independent, because this kind of pressure is the only thing that will make Apple better - it’s got to be embarrassing when OS X falls before Windows.

Adobe Reader had 3 issues compared to Preview’s 20.

Apple are definitely at fault here - this isn’t difficult testing - with a bank of a few hundred machines, you could do it in hours. They’re being sloppy, precisely because there are no wild exploits - but one day that is going to bite us, and I expect better, considering the money we pay them. How many billion in the bank??

Do I feel any less safe? No.
Am I disappointed in what it says about Apple’s QA? Yes.

If it isn’t difficult, then someone else probably knows this, and Miller is being entirely irresponsible for holding on to his information and not immediately giving it to Apple now. Since there does not appear to be a wild outbreak of hacked Macs out here, I doubt it is that easy. Difficult or easy, Miller should hand over his info instead of sitting back and chortling to himself while watching “how long it takes [Apple] to find and patch the flaws.” That’s childish, narcissistic b.s.

John Martellaro said on March 22nd, 2010 at 11:56 AM (Edited: 07/29/2011 1:39 PM):

I don’t see any of this as hate for Apple.  Some kinds of specialized information have value.  The question is, after you’ve done the hard work, do you give it away or exploit the fact that the information has value. 

Some people like to give away personally gained knowledge. Other people place a value on their research. If market forces reinforce that value, they go with the flow.

What you perceive as ill-will on the part of Mr. Miller is merely his process of tapping into the value of his research.

John Martellaro said on March 22nd, 2010 at 12:00 PM (Edited: 07/29/2011 1:39 PM):

Oh, and, by the way, the community generally develops a consensus about what the real value of the research is. Sometimes the researcher is on the mark in his estimation, and sometimes he’s deluded about the true value.

Dan Plesner Henriksen said on March 23rd, 2010 at 1:54 PM:

Well let’s see if it’s as bad as he says?
Anyway, when is Apple gonna learn to make products that aren’t WinTel like. I mean full of errors!

Dan Plesner Henriksen
www.cph-visual.com
