Linked by Thom Holwerda on Tue 7th Mar 2006 15:27 UTC
Mac OS X
An Apple Computer patch released last week doesn't completely fix a high-profile Mac OS X flaw, leaving a toehold for cyberattacks, experts said. The update added a function called 'download validation' to the Safari Web browser, Apple Mail client and iChat instant messaging tool. "While Apple added a checkpoint to the downloading and execution process, they did not eliminate this vulnerability," said Kevin Long, an analyst at security specialist Cybertrust and a Mac user for 11 years. "If a user can be tricked into opening a file that looks like a picture, the user may actually be opening a malicious script."
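An added illustration, not Apple's download validation and not code from the linked article: a content check a downloader could run to flag a file whose name claims to be a picture while its leading bytes are a script. The function name, verdict strings and sample bytes are assumptions constructed for this example.

```python
import os

# Well-known leading-byte signatures for common image formats.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def classify_download(filename: str, head: bytes) -> str:
    """Compare what the name claims with what the first bytes actually are.

    Returns 'ok', 'script-disguised-as-image', 'mismatch' or 'not-an-image-name'.
    """
    ext = os.path.splitext(filename)[1].lower()
    signatures = IMAGE_MAGIC.get(ext)
    if signatures is None:
        return "not-an-image-name"
    if head.startswith(signatures):
        return "ok"
    # A '#!' interpreter line marks script content. Leading BOM/whitespace is
    # skipped so that padded scripts are still flagged (conservative choice).
    if head.lstrip(b"\xef\xbb\xbf \t\r\n").startswith(b"#!"):
        return "script-disguised-as-image"
    return "mismatch"


# Constructed samples: (displayed name, first bytes of the file).
SAMPLES = [
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("photo.jpg", b"#!/bin/sh\necho constructed sample\n"),
    ("logo.png", b"GIF89a\x01\x00\x01\x00"),
    ("notes.txt", b"plain text"),
]


def scan(samples):
    """Return (name, verdict) for every sample."""
    return [(name, classify_download(name, head)) for name, head in samples]


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES):
        print(f"{name}: {verdict}")
```

A name-versus-content check like this only narrows the gap the article describes; it says nothing about which application the system will actually use to open the file.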
Thread beginning with comment 102248
sandbox
by Thom_Holwerda on Tue 7th Mar 2006 18:25 UTC
Thom_Holwerda Member since:
2005-06-29

Wouldn't it be possible to create a sort of sandbox for files downloaded off of the internet? Say I receive 'photo.jpg' that actually happens to be a malicious script. Would it be possible for Apple to implement some sort of simulated open/execute chain?

Instead of actually *really* opening the file (and thus running the terminal + malicious script) it performs a simulated run of the script, and then makes an assertion about whether or not the file is dangerous, using the output of the script?

I'm having a hard time explaining this, so you may need to read this 3 times before you get me :/.

Reply Score: 5

RE: sandbox
by spikeb on Tue 7th Mar 2006 18:36 in reply to "sandbox"
spikeb Member since:
2006-01-18

that's a brilliant idea

Reply Parent Score: 1

RE: sandbox
by croco on Tue 7th Mar 2006 18:49 in reply to "sandbox"
croco Member since:
2005-09-16

Isn't it what anti-virus software should do? I think that some Windows AV tools are doing exactly this kind of stuff already (Dr.Web, for example).

Reply Parent Score: 1

RE[2]: sandbox
by spikeb on Wed 8th Mar 2006 00:56 in reply to "RE: sandbox"
spikeb Member since:
2006-01-18

the os itself should do it, though. seems like kind of a no brainer

Reply Parent Score: 1