Run! It’s the Fuzz!

Unfortunately, I'm not able to attend the CanSecWest 2010 conference in Vancouver this week, though I think Pierre-Marc will be there. I would have been more than a little interested in Charlie Miller's presentation on fuzzing Mac applications: that is, “…a method for discovering faults in software by providing unexpected input and monitoring for exceptions.” 

Miller wrote a short Python script that changed one randomly selected bit of a PDF or PowerPoint file at each test iteration and fed the result to Adobe Reader, Apple Preview, Microsoft PowerPoint or Oracle’s OpenOffice to see if they crashed, then went through the data to see which vulnerabilities were exploitable.

He claims to have found 20 exploitable bugs in Preview compared to three or four in each of the others. 
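To make the one-bit-per-iteration idea concrete, here is an added example (not Miller's script, and not code from this post) that applies it to a constructed toy format for testing your own parser. The `TOY1` format, `toy_parse` and `SAMPLE` are hypothetical stand-ins, and an unexpected Python exception plays the role of an application crash.

```python
import random

# Constructed sample file: magic | record count | (length, data)* | trailer byte
SAMPLE = b"TOY1" + bytes([2]) + bytes([3]) + b"abc" + bytes([2]) + b"hi" + b"\x00"

def flip_one_bit(data, rng):
    """Return (copy of data with one randomly chosen bit inverted, bit index)."""
    bit = rng.randrange(len(data) * 8)
    mutated = bytearray(data)
    mutated[bit // 8] ^= 1 << (bit % 8)
    return bytes(mutated), bit

def toy_parse(blob):
    """Hypothetical stand-in for the application under test. It validates the
    magic but trusts the count and length fields without bounds checks."""
    if blob[:4] != b"TOY1":
        raise ValueError("bad magic")      # clean rejection, not a fault
    pos, records = 5, []
    for _ in range(blob[4]):
        length = blob[pos]                 # IndexError when pos runs past the end
        records.append(blob[pos + 1:pos + 1 + length])
        pos += 1 + length
    return records, blob[pos]              # trailer read, also unchecked

def fuzz(seed_file, iterations, rng_seed=0):
    """Flip one random bit per iteration and sort outcomes for triage."""
    rng = random.Random(rng_seed)          # fixed seed makes every run reproducible
    outcome = {"ok": 0, "rejected": 0, "faults": []}
    for _ in range(iterations):
        mutated, bit = flip_one_bit(seed_file, rng)
        try:
            toy_parse(mutated)
            outcome["ok"] += 1
        except ValueError:
            outcome["rejected"] += 1
        except Exception as exc:           # unexpected exception: keep the repro
            outcome["faults"].append((bit, type(exc).__name__))
    return outcome

def fault_offsets(outcome):
    """Byte offsets whose mutation caused a fault: where to add bounds checks."""
    return sorted({bit // 8 for bit, _ in outcome["faults"]})

if __name__ == "__main__":
    result = fuzz(SAMPLE, 2000)
    print(result["ok"], result["rejected"], len(result["faults"]))
    print("fault byte offsets:", fault_offsets(result))
```

The faults cluster on the count and length bytes, which is the triage step the post describes: the recorded bit index reproduces each failure and points at the field that needs validation.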

As it's a Mac issue, I've blogged about it at some length here, if it's of any interest to you.

David Harley FBCS CITP CISSP
ESET Research Fellow & Director of Malware Intelligence

Author David Harley, ESET

24 Mar 2010