Posted June 7 2009
apple art bits c code evil games interaction iphone java js mathematica micro optimization php quine reveng sound swf updates useless video whine xterm zip
Feeds: RSS / Twitter
Feb 12 2011
ASCII/UTF-8 SWFs
I needed some valid SWF files with constrained character sets for an injection PoC. Putting them here in case someone else needs some.
Jul 6 2009
GOTO for Java
PHP has finally taken the plunge into the 1960s by implementing GOTO. Here's an implementation for Java.
Jun 7 2009
Unofficial Java Vulnerability Fix
A patch for a serious Java bug. No longer needed as of June 16.
Jun 2 2009
Max/MSP Multitouch drivers
Max & Michael have written a Max/MSP driver based on the multitouch code.

My CSS-fu is weak; please use a recent browser.

Some rights reserved.

Random, semi-related image by Nathan Rein.

Unofficial Java Vulnerability Fix

A patch for a serious Java bug. No longer needed as of June 16.

What is this?

As of June 16, Apple have finally released an official patch, so this one is no longer needed.

The current publicly available version of Java for Mac OS X has a bug which allows any web page you visit to remotely (and silently) install software on your machine.

This has been exploited by such unscrupulous people as me, for the multitouch demo. Luckily there haven't been any reports of malicious exploits yet (as far as I know). It would be almost trivial to use this to install malware.

This page gains access using that security hole, then patches the bug so it can't be exploited again. Scroll down the page and click the 'Start' button.

Technical details

The vulnerability is CVE-2008-5353. An official fix is available, but only with the latest Java beta and only for registered ADC members. For this criticial a vulnerability, that's just not good enough.

The bytecode for Calendar.readObject() is patched (using the wonderful ASM library) to replace the single call to AccessController.runPrivileged with a version which provides only the required privileges (access to sun.util.calendar) rather than full system access.

Replacing the jar file at... 

/System/Library/Frameworks/JavaVM.framework/Versions/*/Classes/classes.jar

... requires administrator access, so a small C stub is used to call AuthorizationExecuteWithPrivileges. You will be required to authenticate with an administrator password.

The original classes.jar file will be left in /tmp as a backup.

The patch will be overwritten when the official patch from Apple is finally released.

The applet

Again, this is no longer needed if you have run Software Update since June 16, so I have taken it down

Comments