Free Republic
Browse · Search 		Smoky Backroom
Topics · Post Article

To: driftdiver
SYou did see that adobe based attack last week. The one that also impacted Mac.

I saw the reports of the vulnerability in Adobe Reader and Adobe Flash that had ZERO day EXPLOITS in Windows and apparently in Android OS devices... but none in Apple OSX... and certainly none in the iOS devices.

Neither of the vulnerabilities of the buffer overflows can do a thing in the NON-EXECUTABLE data stacks of OSX where the malicious files of Flash or PDFs would be placed by the OS that could possibly result in an Arbitrary Code Execution EXPLOIT. That was not the case for Windows. Some Windows computers were similarly protected, but others were not.

In the case of OSX and iOS, PDFs are usually read by native, non-Adobe, routines built into the OS... so they are not at risk either. IF someone has, for some reason, jail broken an iOS device—which do not have non-executable data stacks—and installed an Adobe reader or Flash player (I am not even sure either one is available—no, I just did a search and there aren't) then, they too, like the Android OS devices, might be susceptible to the exploits that have been seen for the Android devices. But, so far, for both non-jail broken and jail broken devices, nope,not happening.

For OSX, as I said, the PDFs and Flash files will be loaded into the non-Executable data stacks... and again the problem will be handled by the fact that any malicious executable code stuffed into the maliciously crafted PDF or Flash files simply cannot execute in those memory locations. The OS will not permit it to do so. Unless you can show me how Non-Executable memory can be suddenly changed to executable, I am not at all concerned.

So, yes, driftdiver, I saw the vulnerability reported last week created by the incompetent programming done by Adobe, again, and said "Ho Hum." Apple's multi-faceted security approach has pretty much made the possibility of that vulnerability doing much more than crashing Adobe Reader or Adobe Flash creating a temporary Denial of Service an impossibility.

And, no, driftdiver, it did not "Impact(ed) the Mac." Not one.

163 posted on 09/15/2010 5:55:39 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone!)
[ Post Reply | Private Reply | To 159 | View Replies ]

To: Swordmaker; driftdiver
In the case of OSX and iOS, PDFs are usually read by native, non-Adobe, routines built into the OS... so they are not at risk either. IF someone has, for some reason, jail broken an iOS device—which do not have non-executable data stacks—and installed an Adobe reader or Flash player (I am not even sure either one is available—no, I just did a search and there aren't) then, they too, like the Android OS devices, might be susceptible to the exploits that have been seen for the Android devices. But, so far, for both non-jail broken and jail broken devices, nope,not happening.

Sorry Sword, remember "jailbreakme.com"? That was an ACE exploit used to JAILBREAK the iPhone. Meaning that malformed PDF actually ROOTED the phone, just by trying to open it. Bone-stock iOS install completely compromised by an ACE.

You're wrong here. That was PROOF POSITIVE that an ACE exploit could completely root iOS without anything more than just visiting a website. It was bone-stock Apple code on bone-stock iOS that was compromised.

Sorry, you're wrong. Now the question is: will you admit it?

171 posted on 09/15/2010 6:26:22 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 163 | View Replies ]

Free Republic
Browse · Search 		Smoky Backroom
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson