Google Ads
Google Ads

Mac OS X Has Its Own Sandbox Security Hole

A public notification on behalf of CoreLabs Research has been released in which the vulnerability of a potential security threat in the sandboxing feature of Mac OS X is mentioned. According to the notification, it is a possibility that an application which has been sandboxed to get influenced with external processes which are not passed through the sandboxing application and can have the tendency to gain possible privileges which are not allowed by the profile of sandboxing. This was immediately release after the announcement made by Apple Inc. that it would force all the apps that require entering into the system to go through a process of sandboxing which is a security aspect for all Mac OS X users.

Those Mac apps which are confined within the rules set by sandboxing uses a set of entitlement profiles which are predefined by Apple. The mechanism of these profiles is that determine which of the system resources can be used and which are off limits. The research organization discovered that some of the limitations within the default profile which can be actually configured by triggering to certain Events of Apple.  Particularly speaking, Apple events can cause launchd to actually launch a process which will not be restricted by sandboxing.

In the notification, CoreLabs discussed that the default profile setup to restrict the network access can open the socket through osascript, which has the functioning of working over the restricted network access. The first potential danger of such a situation is the entering of a malicious app within the sandboxing rules and regulations and the second major danger is for developers who are of the thought that their apps are locked up properly. It was explained that if the situation of no-network occurs which allows AppleScript Events, it might result out in new programs to use the same restricted rules which in turn will create a false sense of security.

The response of apple on this aspect was almost nothing which was highly criticized by a Senior Product Manager, Alex Horan. Apple answered the overall situation by explaining that the restrictions provided by particular sandboxing profiles are only limited and confined to the process under which the sandboxing rule is applicable.

If the response of the apparent company – Apple – tends to ignore the flaw in it security system, sandboxing, which is the situation in this case, the end result will be that Mac users will be using limited apps without the sandboxing security that has been promised in this feature.

A whole lot of debate is still conducting among software developers whether the imposing of the restriction of sandboxing will be fruitful or not, there are some developers who thing that the positive aspect of security is quite greater than what downsides the feature posses. It should also be added that a developer of Mac OS X also wrote that the restriction of sandboxing is not a solution to all security issues as the entitlements in it are binary solutions and if any loophole is discovered by malware authors, than Apple has no other way then to develop a complete operating patch.

Be Sociable, Share!

    Related Articles

    Back to

    No comments

    Leave a Reply