Mac OS X Sandbox Vulnerability “Not a Threat” to Apple

Recent additions to Mac OS X allow developers to run their applications in a semi-protected sandbox mode. In this mode, if an attacker were to compromise an application, the attacker would be limited to the resources and permissions of the sandbox environment.

However, security researchers have been able to bypass permissions in the sandbox environment and gain full control of a system via AppleScripts that can restrict internet access or send malicious scripts to other applications in a non-sandboxed environment. Unfortunately, Apple does not view this as a security concern, but will most likely release a patch for it in the next Mac OS X update.






  1. How is this not a security concern? The fact that someone can bypass the permissions in the sandbox alone is a security risk and the rest that follows.

  2. At least they are on the subject to make a patch for the issue. Their viewing this as not a vulnerability might come from the fact that it might go public.

  3. It’ll be just like the App Store vulnerability. They won’t patch it until it is exploited.

    • That is unfortunately how it happens sometimes. An attacker sometimes will do that to prove its worth.

  4. The fact that they even recognize it is a good start. Their only problem is in thinking that they are untouchable.

