Apple Has A Hole In MAC OS X
Apple has failed to fix a bug in its Mac OS X operating system that allows processes to bypass the sandbox protection in place.
The flaw was discovered by Anibal Sacco and Matias Eissler from Core Security Technologies. They let Apple know about the problem on 20 September, and while Apple acknowledged their submission, it said that it did not see any security threat, forcing the Core Security Technologies team to publish the report to the public this month.
The problem appears to be with the use of Apple events in several default profiles, including the no-network and no-internet ones. When Apple events are dispatched a process can escape the sandbox, which could be exploited by hackers.
The vulnerability could lead to a compromised application restricted by the use of the no-network profile gaining access to network resources through the use of Apple events to execute other applications that are not restricted by the sandbox, making it a significant security threat.
Only the more recent versions of Mac OS X are vulnerable to this bug, including 10.5.x, 10.6.x, and 10.7.x. Those using 10.4.x are safe from the exploit.
Firefox 4 Coming Next Week
Mozilla’s Firefox 4, the latest offering of the second most popular Web browser in the world, will be officially released on March 22, 2011.
It’s been a long time coming. The first Firefox 4 beta was released July 6, 2010. At the time, Mozilla was aiming to deliver a release candidate this past autumn.
Launching several months late isn’t ideal but Google’s release practices have made Firefox’s tardiness look worse. Google launched Chrome 5 on May 21, 2010. On March 8, 2011, Google released Chrome 10. Is Firefox now five generations behind Chrome? Hardly. The four major Web browsers — Chrome 10, Firefox 4, Internet Explorer 9, and Safari 5 — are more comparable and competitive than ever before.
Johnathan Nightingale, director of Firefox development, says Firefox has more than 400 million users worldwide and a 30% global market share.
NetApplications, an Internet metrics company, suggest that figure is closer to 22% and flat, if not falling. The most significant number Nightingale cites is six: “Firefox 4 is fast,” he said. “It’s blazing fast. Six times faster than any Firefox we’ve done before.”
Other browser makers make similar claims too, though some of those claims are more actively disputed than others, like Microsoft’s assertions about hardware acceleration. Read more……