
Charlie Miller, Principal Analyst at Baltimore, Md.-based security firm ISE, has made news in the last two days saying that he found 20 previously unknown security vulnerabilities in Apple’s OS X operating system. News stories seem to anticipate that he will reveal them at the CanSecWest conference next week in his talk “Babysitting an Army of Monkeys: An Analysis of Fuzzing 4 Products with 5 Lines of Python.”

However, Miller tweeted: “To be clear, I’m not revealing 20 apple bugs at #cansec, I’m revealing how I found 20 apple bugs.”

According to reports, Miller found the vulnerabilities by flooding operating system and application inputs with massive amounts of corrupted data — a process called fuzzing.

Apple has said they are not aware of the vulnerabilities.

Story from Heise Security here.

It seems to be a good discussion of what Miller is up to.

It’s just plain weird how stories of potential OS X weaknesses make some people foam at the mouth, so it’s a little difficult to find any discussion of OS X security without a load of “does too – does not” prose. Heise is staying neutral and we’re going to try to stay that way too.

Tom Kelchner
