Security News > 2021 > May > Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine
A computer science professor from Sweden has discovered an arbitrary code execution vuln in the Universal Turing Machine, one of the earliest computer designs in history - though he admits it has "No real-world implications".
In a paper published on academic repository ArXiv, Pontus Johnson, a professor at the KTH Royal Institute of Technology in Stockholm, Sweden, cheerfully explained that his findings wouldn't be exploitable in a real-world scenario because it pertained specifically to the 1967 implementation [PDF] of the simulated Universal Turing Machine designed by the late Marvin Minsky, who co-founded the academic discipline of artificial intelligence.
"The universal Turing machine is generally considered to be the simplest, most abstract model of a computer," wrote Johnson in his paper.
The Minsky specification describes a tape-based machine that reads and executes very simple programs from a simulated tape.
Johnson told The Register today: "In this case, as in many cases, the vulnerability is based on confusing the machine in academia, we scientists like to start with the basic principle: demonstrate something for a small system, then maybe it's true for a larger system. It seems to me that for the very smallest system, there is this intrinsic vulnerability, this propensity to be vulnerable."
Looking specifically at Johnson's vuln, he commented: "Interestingly, it seems to point more to issues with interpretations/implementations of the Turing machine. It seems to support the adage that nothing is totally secure once it's actually implemented." .