Just a few months back in May we reported that – Mac Malware is Becoming a Serious Threat and back in march Day One At Pwn2Own Takes Out Microsoft Internet Explorer and Apple Safari.

With this latest update they have really integrated some very modern security techniques with many claiming this puts them ahead of Windows 7 and Ubuntu in terms of security.

With Wednesday’s release of Mac OS X Lion, Apple has definitively leapfrogged its rivals by offering an operating system with state-of-the-art security protections that make it more resistant to malware exploits and other hack attacks, two researchers say.

Unlike the introduction of Snow Leopard in 2009, which offered mostly incremental security enhancements, OS X 10.7 represents a major overhaul, said the researchers, who spent the past few months analyzing the OS.

The most important addition is full ASLR. Short for address space layout randomization, the protection makes it much harder for attackers to exploit bugs by regularly changing the memory location where shell code and other system components are loaded. Other improvements include security sandboxes that tightly restrict the way applications can interact with other parts of the operating system and full disk encryption that doesn’t interfere with other OS features.

“It’s a significant improvement, and the best way that I’ve described the level of security in Lion is that it’s Windows 7, plus, plus,” said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker’s Handbook. “I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.”

There were a couple of blunders back in 2009 when Snow Leopard (commonly known as SL) was released, and of course – Mac OS X Snow Leopard Bundled With Malware Detector.

Back then the security tech bundled with Snow Leopard was incremental at best, there was nothing really new or anything that inspired confidence in us security chaps.

With the latest version of Lion however Apple has put in some really good stuff like full address space layout randomization (ASLR) and even more sandboxing (always a good idea to trap malware in userspace).

Although ASLR made its OS X debut in Leopard, the predecessor to Snow Leopard, its implementation was woefully inadequate because it failed to randomize core parts of the OS, including the heap, stack, and dynamic linker. That meant entire classes of exploits were automatically immune to the protection.

It also prompted many to wonder why Apple engineers bothered to put it into the OS in the first place, or didn’t properly implement it with the introduction of Snow Leopard. Windows Vista and Ubuntu, by contrast, added much more robust implementations of ASLR years earlier.

“When they went from Leopard to Snow Leopard, as far as I’m concerned, there really wasn’t any change,” said Charlie Miller, principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker’s Handbook. “They might have said there was more security and it was better, but at a low functionality level there really wasn’t any difference. Now, they’ve made significant changes and it’s going to be harder to exploit.”

What’s more, Lion’s refurbished ASLR has been augmented, so that even if hackers clear that hurdle, they’ll still have to bypass other new protections. Among them is a sandbox design that shields the most vulnerable and vital parts of the computer from attack. Safari, for example, has now been divided into two processes that separate the browser’s user interface and other functions from the part that parses JavaScript, images, and other web content.

Now these changes won’t stop Apple software from being vulnerable to exploits – but it will make it a hell of a lot harder to pull of code execution after getting in.

There are some smart changes to Safari too, which makes surfing a lot safer as one of the biggest attack vectors right now is through browser based exploits (Flash/JavaScript etc).

Even with all of that though, there will still be ways around it (just look at the latest JailBreak) – so as always – be careful Mac users!

Source: The Register

Apple has admitted that is has at LEAST three serious design weaknesses in it’s new application based firewall being rolled out with Mac OS X ‘Leopard’.

It comes (somewhat oddly) only 24 hours after a Mac OS X security update that fixed 41 OS X and Safari security vulnerabilities.

Previously independent researchers proved that Apple’s claim that the Leopard firewall could block all incoming connections was false.

In an advisory accompanying the Mac OS X v10.5.1 update, Apple admitted that the “Block all incoming connections” setting for the firewall is misleading.

“The ‘Block all incoming connections’ setting for the Application Firewall allows any process running as user “root” (UID 0) to receive incoming connections, and also allows mDNSResponder to receive connections. This could result in the unexpected exposure of network services,” Apple said.

With the fix, the firewall will more accurately describe the option as “Allow only essential services”, and by limiting the processes permitted to receive incoming connections under this setting to a small fixed set of system services, Apple said

Sounds like they are back-pedaling rather fast. They also addressed two other issues with the application based firewall.

CVE-2007-4703: The “Set access for specific services and applications” setting for the Application Firewall allows any process running as user “root” (UID 0) to receive incoming connections, even if its executable is specifically added to the list of programs and its entry in the list is marked as “Block incoming connections”. This could result in the unexpected exposure of network services.

CVE-2007-4704: When the Application Firewall settings are changed, a running process started by launchd will not be affected until it is restarted. A user might expect changes to take effect immediately and so leave their system exposed to network access.

So watch out, Apple is not the panacea of security as some people claim it to be.

Source: ZDNet