Make exploits hard, yes. Exponentially? I don't think so. After Windows adopted some anti-exploit features, exploiting became not so straightforward and not so handy. But, in the end, there is some programmatic way to automate the exploiting procedure as long as the anti-exploit features themselves are programs. So it is a one-shot effort to break the anti-exploit feature, not exponential. By saying anti-exploit is not bad, it is enough to make me NOT WRONG. It just doesn't matter.
It's pretty costly to develop an exploit against a Vista flaw. From Immunity Inc:
http://www.immunitysec.com/downloads/ApologyofOdays.pdf
Page 37: From Bug to Reliable Exploit on Win2k - ~12 days
Page 38: SP2/2k3 - ~20 days
Page 39: Vista - ~40 days
If it takes that amount of time for an expert researcher who is known in the 'grey' community for coming up with exploits for difficult areas, then chances are good that the average pre-packaged vulnerability will be quite expensive and a lot of potential purchasers will become discouraged.
Also, if the learning curve for exploit writing is steep enough, maybe people will stop looking so hard (who's going to spend that much of their life looking for something when few people ever succeed?).
I don't say providing those features is bad, but they matter little. Go fix security holes and provide updates as soon as possible. Make your applications run with least privilege.
Euh, did you read the same article as everyone else?
Specifically he said that once you use some OS-side security measure, an exploitable bug in an app becomes difficult to exploit, exponentially more so the more measures there are.
So, no, you are wrong and Apple IS wrong.