Security expert Charlie Miller intends to disclose a potentially record-breaking 20 zero-day security holes in Apple’s Mac OS X in one fell swoop. The details are to be revealed in his presentation at the Canadian CanSecWest security conference next week. Miller, who is already known for having discovered a number of bugs in Mac OS X, talked beforehand with heise Security, The H’s German associates, about his new findings and about the security of Apple’s operating system.
The approximately 20 zero-day holes are contained in closed source Apple products, said Miller. "OS X has a large attack surface consisting of open source components (i.e. webkit, libz, etc), closed source 3rd party components (Flash), and closed source Apple components (Preview, mdnsresponder, etc). Bugs in any of these types of components can lead to remote compromise", he emphasised.
Miller discovered the new vulnerabilities by fuzzing, a process which involves bombarding an application’s input channels with as much corrupted data as possible. His presentation is subtitled: "An analysis of fuzzing 4 products with 5 lines of Python". The expert explained: "The talk is about what you really find when you fuzz and it tries to draw conclusions about what to expect in the future when you fuzz a mature product." Parts of the presentation apparently consist of statistics, for instance on what percentage of the flaws found cause crashes and what percentage can be exploited remotely.
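To illustrate the mutation-fuzzing process described above, here is a small added example in Python; it is not Miller's script and not code from the article. It mutates a seed input, feeds each variant to a constructed toy record parser (hypothetical, with a deliberate missing bounds check), and tallies how many inputs are handled cleanly, rejected by validation, or crash the parser, which is the kind of crash statistic the talk is said to report.

```python
import random

def parse_records(buf: bytes) -> list:
    """Constructed toy target: a sequence of [len][payload] records.
    Deliberately fragile: the length byte is trusted without a bounds
    check, so an oversized length reads past the end (IndexError)."""
    records = []
    i = 0
    while i < len(buf):
        n = buf[i]
        if n == 0:
            raise ValueError("empty record")  # validation error, handled by design
        # explicit per-byte indexing mimics a C-style over-read instead of
        # Python's silently truncating slice
        payload = bytes(buf[i + 1 + k] for k in range(n))
        records.append(payload)
        i += 1 + n
    return records

def mutate(seed: bytes, rng: random.Random, max_flips: int = 4) -> bytes:
    """Overwrite between one and max_flips random bytes with random values."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, max_flips)):
        data[rng.randrange(len(data))] = rng.randrange(256)
    return bytes(data)

def fuzz(target, seed: bytes, iterations: int = 500, rng_seed: int = 0):
    """Run the target on mutated inputs and classify each outcome.
    ValueError counts as a handled rejection; any other exception is a crash."""
    rng = random.Random(rng_seed)  # seeded so the run is reproducible
    stats = {"ok": 0, "handled": 0, "crash": 0}
    crashes = []
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
            stats["ok"] += 1
        except ValueError:
            stats["handled"] += 1
        except Exception as exc:
            stats["crash"] += 1
            crashes.append((type(exc).__name__, case))
    return stats, crashes

def crash_rate(stats: dict) -> float:
    """Fraction of fuzz cases that crashed the target."""
    return stats["crash"] / sum(stats.values())

if __name__ == "__main__":
    SEED = b"\x03abc\x02de\x01f"  # constructed valid input: three records
    stats, crashes = fuzz(parse_records, SEED)
    print(stats, f"crash rate {crash_rate(stats):.0%}", crashes[0])
```

Swapping `parse_records` for a wrapper that runs a real program on the mutated bytes turns the same loop into a file-format fuzzing harness.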