Researchers at Core Security Technologies Group have identified a vulnerability in the implementation of "sandboxing" in OS X. As a reminder, this technology protects the system by limiting the types of operations that an application can perform, such as opening a document or accessing the network.
The sandbox is very useful because it helps prevent an attack that exploits a flaw in a single app from damaging the entire system. The well-known security expert Charlie Miller had already identified a similar flaw in 2008, but it seems that Apple has not fully remedied the problem.
After the vulnerabilities were reported, Apple limited the ability to invoke events in the profiles mentioned by Miller, but left others unaffected: the predefined default sandbox profiles were not changed and can therefore be bypassed by exploiting remote Apple events (a system that allows applications on other Mac computers to send events to a local computer).

Core Security has discovered that by sending events from within a "no-network" sandbox, an application can gain access to network resources and could theoretically run applications without the restrictions of the sandbox. Apple is aware of the problem, and it is likely that a patch will be included in the next security update.
A few days ago, Apple sent an email to developers announcing that the requirement to sandbox apps sold on the Mac App Store has been postponed from November 2011 to March 2012.








