The CanSecWest conference gets underway today in Vancouver, British Columbia, and one of the predicted highlights is the unveiling of 20 zero-day exploits in the Mac OS X platform.
Security researcher Charlie Miller, whose previous presentations included a demonstration of a vulnerability in the Apple iPhone, will speak on analysis of fuzzing at the conference. Speaking to ThreatPost.com, Miller explained that he took the most naive approach to fuzzing and performed it against Preview/Safari, Adobe Reader, MS PowerPoint and Open Office.
He said: “The idea of the talk was to record exactly what I found and gather statistics, i.e. how many crashes do you find, how many unique crashes, how many are 'exploitable', etc. Almost every fuzzing talk is either 'here is a new super way to fuzz' or 'I found this bug with fuzzing', but there isn't much out there about what you really can expect to find if you start fuzzing something.”
In an interview with Forbes, Miller gave more insight into his discoveries, claiming that he had found 30 previously unknown critical security vulnerabilities in common software, 20 of which are in Apple's Preview application.
He claimed that he was surprised that he was able to find any bugs at all with the simple method, let alone 20 in a single program. This, he said, shows that companies such as Apple are still not taking basic steps in their own security testing.
He said: “It's shocking that Apple didn't do this first. The only skill I have used here is patience. Microsoft, Apple and Adobe all have huge security teams, and I'm one guy working out of my house. I shouldn't be able to find bugs like these, ever.”
He also claimed that he had not informed Apple about his new bugs and had not yet decided what to do with them. He was considering keeping the details of his bugs secret and watching to see how long it takes the software vendors to patch them after his Vancouver talk.
On his Twitter page, Miller said: “I do believe the second amendment gives me the right to keep my stockpile of zero-days. Thank you bill of rights.”