Run! It’s the Fuzz!

Unfortunately, I'm not able to attend the CanSecWest 2010 conference in Vancouver this week, though I think Pierre-Marc will be there. I would have been more than a little interested in Charlie Miller's presentation on fuzzing Mac applications: that is, “…a method for discovering faults in software by providing unexpected input and monitoring for exceptions.” 

Miller wrote a short Python script to change one randomly selected bit of a PDF or PowerPoint file at each test iteration, and fed it to Adobe Reader, Apple Preview, Microsoft PowerPoint or Oracle’s OpenOffice to see if they crashed, then went through the data to see which vulnerabilities were exploitable.

He claims to have found 20 exploitable bugs in Preview compared to three or four in each of the others. 
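The mutation loop described above, as an added example (not Miller's script, which this page does not reproduce): each iteration flips one randomly selected bit of a seed file and records any input that faults the parser instead of being cleanly rejected. The `TOY1` format, its parser and the seed file are constructed here so the harness runs in-process and offline.

```python
import random
import struct

def record(payload: bytes) -> bytes:
    """Constructed format: [u16 big-endian length][payload][sum(payload) % 256]."""
    return struct.pack(">H", len(payload)) + payload + bytes([sum(payload) % 256])

SEED = b"TOY1" + record(b"hello") + record(b"fuzz")  # constructed seed file

def parse_records(blob: bytes) -> list[bytes]:
    """Toy parser under test (hypothetical). Defect left in on purpose: the
    length field is never checked against the bytes that actually remain."""
    if blob[:4] != b"TOY1":
        raise ValueError("bad magic")            # clean rejection, not a fault
    pos, records = 4, []
    while pos < len(blob):
        (length,) = struct.unpack_from(">H", blob, pos)
        payload = blob[pos + 2 : pos + 2 + length]
        checksum = blob[pos + 2 + length]        # IndexError when length lies
        if checksum != sum(payload) % 256:
            raise ValueError("bad checksum")     # clean rejection
        records.append(payload)
        pos += 3 + length
    return records

def flip_one_bit(data: bytes, rng: random.Random) -> tuple[bytes, int]:
    """Return a copy of data with exactly one randomly chosen bit inverted."""
    bit = rng.randrange(len(data) * 8)
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out), bit

def fuzz(seed_file: bytes, iterations: int, rng_seed: int = 0) -> dict[int, str]:
    """Feed one-bit mutants to the parser; map faulting bit offset to exception type."""
    rng = random.Random(rng_seed)                # fixed seed keeps runs reproducible
    faults: dict[int, str] = {}
    for _ in range(iterations):
        mutant, bit = flip_one_bit(seed_file, rng)
        try:
            parse_records(mutant)
        except ValueError:
            continue                             # input rejected as designed
        except Exception as exc:                 # anything else is a finding to triage
            faults[bit] = type(exc).__name__
    return faults

if __name__ == "__main__":
    for bit, name in sorted(fuzz(SEED, 500).items()):
        print(f"bit {bit} (byte {bit // 8}): {name}")
```

Every fault it reports lands in one of the two length fields, which tells the maintainer where the missing bounds check belongs.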

As it's a Mac issue, I've blogged about it at some length here, if it's of any interest to you.

ESET Research Fellow & Director of Malware Intelligence

Author David Harley, ESET
