Charlie Miller, Principal Analyst at Baltimore, Md.-based security firm ISE, has made news in the last two days saying that he found 20 perviously-unknown security vulnerabilities in Apple’s OS X operating system. News stories seem to anticipate that he will reveal them at the CanSec West conference next week in his talk “Babysitting an Army of Monkeys: An Analysis of Fuzzing 4 Products with 5 Lines of Python.”
However, Miller tweeted: “To be clear, I’m not revealing 20 apple bugs at #cansec, I’m revealing how I found 20 apple bugs.”
According to reports, Miller found the vulnerabities by flooding operating system and application inputs with massive amounts of corrupted data — a process called fuzzing.
Apple has said they are not aware of the vulnerabilities.
Story from Heise Security here.
It seems to be a good discussion of what Miller is up to.
It’s just plain weird how stories of potential OS X weaknesses make some people foam at the mouth, so, it’s a little difficult to find any discussion of OS X security without a load of “does too – does not” prose. Heise is staying neutral and we’re going to try to stay that way too.