BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

ABCDKERNELPANIC: Unicode vs. Apple Inc.

Posted August 29, 2013    BeyondTrust Research Team

Yesterday, Russian researchers publicly disclosed the presence of a denial of service vulnerability affecting OS X 10.8 and iOS 6. OS X 10.9 Mavericks and iOS 7 are unaffected. So what’s the big deal with this particular denial of service vulnerability? It’s remotely exploitable and is trivial to trigger. Stringing together a series of Unicode characters, Arabic \u062E\u0337\u0334\u0310\u062E, and making a target display the characters triggers the vulnerability, causing applications to crash immediately.

Malicious Unicode

Malicious Unicode

Third party applications such as Chrome and Twitter (on both iOS and OS X), as well as iOS built-in applications like Messages, crash when displaying the above Unicode. Attackers may even create malicious SSIDs and broadcast them in public places. When a target user goes to join a WiFi network, turn on WiFi, or check their WiFi, the malicious SSID may be rendered by Core Text, a text and font layout and handling mechanism within OS X and iOS. The resulting segmentation fault in Core Text may cause instability in OS X, or even make an iOS device reboot.

Social media services have seen users posting, tweeting, and sharing the malicious Unicode string, prompting Facebook to ban the string from future posts. Having your Twitter feed blow up a Chrome tab isn’t the end of the world, but certainly worth mentioning as curious members of the public and script-kiddies everywhere will be having fun with this until a fix is released.

Tags:
, , , , , , ,

Leave a Reply

Additional articles

PBPS-screenshot-blog aug2014

Failing the Security Basics: Backoff Point-of-Sale Malware

Posted August 22, 2014    Marc Maiffret

At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others….

Tags:
, , , , , ,

Troubleshooting Windows Privilege Management Rules with Policy Monitor

Posted August 21, 2014    Jason Silva

When defining and testing PowerBroker for Windows rules for production or pilots, customers sometimes tell us, “I don’t think this policy / program is working.” This is usually a case of the policy not properly triggering because of the way the rule was created. A unique feature of PowerBroker for Windows compared to other solutions is a client-side…

Tags:
, , ,
darren-mar-elia

BeyondTrust Webcast: Darren Mar-Elia’s 4 Active Directory Change Scenarios to Track

Posted August 20, 2014    Chris Burd

In our latest webcast, we joined Darren Mar-Elia, CTO at SDM Software, to discuss best practices for Active Directory (AD) change management. Here are some key takeaways from the presentation, followed by a link to a full-length video of the presentation. Mar-Elia kicks things off with a critical insight: that the best AD change management…

Tags:
, , , , , , ,