Friday, January 26, 2007

Apple releases Quicktime and Airport Extreme security updates

Apple has released security updates for the vulnerability published during the Month of Apple Bugs as MOAB-01-01-2007 and for the closing vulnerability of the Month of Kernel Bugs, MOKB-30-11-2006. The exposure time was 22 days for the first and 58 days for the latter (although no public proof of concept was distributed, which would most probably have sped up patch development).

Tuesday, January 23, 2007

Exploiting the otherwise non-exploitable, on Mac OS X

UserNotificationCenter retains wheel group privileges at execution time while still running under the UID of the current user. Because of this, it will load any InputManager the user provides, and the code inside that input manager runs with wheel privileges. In combination with diskutil and a setuid binary that is writable by the wheel group (writing to the binary clears its setuid bit, and diskutil's permission repair restores it), this allows unprivileged users to gain root privileges.

See the Month of Apple Bugs release and the exploit. This issue can be abused by fully unprivileged users, and it can be triggered via any of the so-called 'crashes' (e.g. issues dismissed as 'denial of service'-only), since a crash is enough to get UserNotificationCenter launched and the user's InputManager loaded.
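The two preconditions described above (a setuid binary that the wheel group can write to, and a per-user InputManagers directory the attacker controls) are easy to audit for. The script below is an added example, not the exploit from the Month of Apple Bugs release and not code from the original post: it scans a tree for setuid files that are group-writable, optionally restricted to one group, and reports whether a given InputManagers directory could be written or created. The sample tree it builds under mktemp is constructed here purely to exercise the checks offline; on a real Mac OS X box the first check would be run as `find_group_writable_setuid / wheel` and the second against `$HOME/Library/InputManagers`.

```shell
#!/bin/sh
# Added example (not from the original post): audit for the two preconditions the
# UserNotificationCenter escalation relies on. Function names, the sample tree and
# the path used in main() are this example's own assumptions.

# List regular files under $1 that are setuid AND group-writable (mode bits 4020).
# $2 optionally restricts the match to one group name (wheel on Mac OS X).
find_group_writable_setuid() {
    dir=$1
    group=${2:-}
    if [ -n "$group" ]; then
        find "$dir" -type f -perm -4020 -group "$group" 2>/dev/null | sort
    else
        find "$dir" -type f -perm -4020 2>/dev/null | sort
    fi
}

# Report whether the caller could drop a bundle into an InputManagers directory:
# prints "writable" (dir exists and is writable), "creatable" (dir absent but its
# parent is writable) or "no".
inputmanagers_status() {
    dir=$1
    if [ -d "$dir" ] && [ -w "$dir" ]; then
        echo writable
    elif [ ! -e "$dir" ] && [ -w "$(dirname "$dir")" ]; then
        echo creatable
    else
        echo no
    fi
}

# Build a small constructed tree so the checks can be exercised offline:
# one setuid tool with sane permissions and one that is also group-writable.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/bin" "$root/home/Library"
    printf '#!/bin/sh\necho safe\n' > "$root/bin/safe_tool"
    printf '#!/bin/sh\necho risky\n' > "$root/bin/risky_tool"
    chmod 4755 "$root/bin/safe_tool"   # setuid, not group-writable
    chmod 4775 "$root/bin/risky_tool"  # setuid AND group-writable: the bad case
    echo "$root"
}

main() {
    root=$(make_sample_tree)
    echo "== group-writable setuid binaries under $root =="
    find_group_writable_setuid "$root"
    echo "== InputManagers directory status =="
    inputmanagers_status "$root/home/Library/InputManagers"
    rm -rf "$root"
}

main
```

Only `risky_tool` is reported, and the InputManagers directory comes back as `creatable` because its parent is writable by the user, which is exactly the situation the escalation needs. A clean system should produce no output from the first check when run against `/` with `wheel`.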

A tribute to the Month of Browser Bugs, and especially Matt Miller, HD Moore and Skywing.

Sunday, January 07, 2007

Inline Media Encryptor

Description from the NSA website about IME:

The Inline Media Encryptor (IME) is a government-developed media encryption device. It is positioned "in line" between the computer processor and hard drive to ensure that anything stored to the hard drive gets encrypted and anything retrieved from the hard drive gets decrypted. The IME protects data classified Top Secret and below. Data stored on the hard drive is considered unclassified when encrypted.

Nice. Read about the features. Certainly hardware-based solutions are extremely useful. Wonder if there's a commercial device that conforms to similar standards available for public consumption. Hopefully not.

Friday, January 05, 2007

January first week digest

There has been a significant workload, between working on exploit code and dealing with press and media. Looks like some stuff has been going around:

More to come if there's time for it.