“Namely, sending Apple events is possible within the no-network sandbox (kSBXProfileNoNetwork). “Several of the default pre-defined sandbox profiles don’t properly limit all the available mechanisms and therefore allow exercising part of the restricted functionality,” explain the researchers in an advisory. Unfortunately (or fortunately – depends on how you look at it), they discovered a security flaw that allows malicious individuals to “escape” the sandbox.
Following Apple’s announcement that all applications submitted for inclusion in the App Store will have to have sandboxing implemented starting from March 1, 2012, researchers from Core Labs, the research arm of Core Security Technologies, have decided to analyze whether this requirement and the sandboxing practice offer the protection that app developers and Apple believe it does.
0 kommentar(er)
