sandboxing

Apple recently released OS X 10.8.3 along with security updates for past versions of OS X, and while the updates have worked properly for the vast majority of users, a few have reported having the problem that certain programs like Preview and TextEdit now will not run. When the program is opened, in some cases the system prompts users to authenticate and repair the user Library, but after this is done the program simply quits after bouncing in the OS X Dock for a few seconds. In other cases the program may simply crash and generate an error … Read more

It's just a proof of concept for now, but a newly revealed Java vulnerability could have very widespread repercussions.

Security research company Security Explorations has issued a description of a new critical security flaw in Java SE 5 build 1.5.0_22-b03, Java SE 6 build 1.6.0_35-b10, and the latest Java SE 7 build 1.7.0_07-b10. This error is caused by a discrepancy with how the Java virtual machine handles defined data types (a type-safety error) and in doing so violates a fundamental security constraint in the Java runtime, allowing a complete bypass of the Java … Read more

Google has improved Flash sandboxing in the latest version of its Chrome browser for Windows, boosting its security and reducing crashes by as much as 20 percent.

The change also means Windows 8 users will be able to use all of a Web site's Flash features in the mode formerly known as Metro.

By sandboxing Flash, a plug-in can crash without taking down the rest of the browser. Sandboxing was introduced in early versions of Chrome to prevent rogue tabs from causing such total browser crashes, and as an anti-malware measure.

Google ported Flash off the aging NPAPI architecture … Read more

To fend off attacks and faulty programming, Apple has implemented sandboxing routines to manage what system resources applications have access to. While the sandboxing process should allow the applications to run as intended by the developer, sometimes an odd bug or configuration error may result in random breaks in functionality.

For example, TextEdit is one of the sandboxed programs that Apple includes in OS X. Sandbox entitlements allow it to save to the filesystem and accept keyboard inputs, among other features, so you can use the program to create documents and edit them. However, if a sandboxing error involving one … Read more

Starting June 1, the Mac App Store will be adopting a new policy that requires applications distributed through it to be sandboxed -- a feature that restricts default access to all system resources except those allowed by specific Apple-defined entitlements. The sandboxing and entitlements are generally voluntarily set up and elected by the developer, but in the case of the App Store, are both mandatory and also scrutinized and approved by Apple. While sandboxing is a great option for protecting users' systems and should offer seamless functionality for most programs, Apple's implementation is too restrictive for some applications to … Read more

On June 1, Apple will begin enforcing sandboxing requirements for all applications distributed through its Mac App Store service. If you've purchased applications from the Mac App Store, you can expect updates to become available in the next week or two.

Sandboxing is a security measure that restricts applications from unintended resource access. When enabled on an application, the default sandbox gives a program no access to any resources. Developers then enable Apple-supplied entitlements for the sandbox that allow access to printing, the network, and filesystem reading and writing, and other features so their program can work properly. The … Read more

An apparent bug is present in OS X 10.7 "Lion" that causes some applications to crash when the system's network location configuration is changed. However, while the system generates a crash report, the applications appear to have not crashed at all.

This issue happens because of a bug with how OS X handles both network location configurations and its process sandboxing routines.

In OS X you can set up different "locations" in the Network system preferences -- convenient configurations for the various network setups you might need for your work. For instance, a home … Read more

Last November Apple announced to its developer community that all applications distributed through its Mac App Store would require sandboxing. Apple initially set the deadline for this requirement to March 1, but recently moved this deadline back a few months to June 1.

Sandboxing is a method of isolating an application's tasks from those of other applications and the system, by allowing it access to only the resources it is intended to access.

This setup prevents any errors in the program from interfering with resources it was not intended to access. For instance, if a program is built to … Read more

Quarantining files has its benefits, but a current bug is causing some trouble.

When you first download a file in OS X the system considers it to be foreign and tags it with a quarantine flag. This flag prevents it from running if it contains executable code, at least until it is scanned and the user is notified that the file contains code and could potentially change files on the computer. If the file is an application, then when you open it the launch services will present a warning that the file was downloaded from the Internet. Once you confirm … Read more