Just a few months back in May we reported that – Mac Malware is Becoming a Serious Threat and back in march Day One At Pwn2Own Takes Out Microsoft Internet Explorer and Apple Safari.

With this latest update they have really integrated some very modern security techniques with many claiming this puts them ahead of Windows 7 and Ubuntu in terms of security.

With Wednesday’s release of Mac OS X Lion, Apple has definitively leapfrogged its rivals by offering an operating system with state-of-the-art security protections that make it more resistant to malware exploits and other hack attacks, two researchers say.

Unlike the introduction of Snow Leopard in 2009, which offered mostly incremental security enhancements, OS X 10.7 represents a major overhaul, said the researchers, who spent the past few months analyzing the OS.

The most important addition is full ASLR. Short for address space layout randomization, the protection makes it much harder for attackers to exploit bugs by regularly changing the memory location where shell code and other system components are loaded. Other improvements include security sandboxes that tightly restrict the way applications can interact with other parts of the operating system and full disk encryption that doesn’t interfere with other OS features.

“It’s a significant improvement, and the best way that I’ve described the level of security in Lion is that it’s Windows 7, plus, plus,” said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker’s Handbook. “I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.”

There were a couple of blunders back in 2009 when Snow Leopard (commonly known as SL) was released, and of course – Mac OS X Snow Leopard Bundled With Malware Detector.

Back then the security tech bundled with Snow Leopard was incremental at best, there was nothing really new or anything that inspired confidence in us security chaps.

With the latest version of Lion however Apple has put in some really good stuff like full address space layout randomization (ASLR) and even more sandboxing (always a good idea to trap malware in userspace).

Although ASLR made its OS X debut in Leopard, the predecessor to Snow Leopard, its implementation was woefully inadequate because it failed to randomize core parts of the OS, including the heap, stack, and dynamic linker. That meant entire classes of exploits were automatically immune to the protection.

It also prompted many to wonder why Apple engineers bothered to put it into the OS in the first place, or didn’t properly implement it with the introduction of Snow Leopard. Windows Vista and Ubuntu, by contrast, added much more robust implementations of ASLR years earlier.

“When they went from Leopard to Snow Leopard, as far as I’m concerned, there really wasn’t any change,” said Charlie Miller, principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker’s Handbook. “They might have said there was more security and it was better, but at a low functionality level there really wasn’t any difference. Now, they’ve made significant changes and it’s going to be harder to exploit.”

What’s more, Lion’s refurbished ASLR has been augmented, so that even if hackers clear that hurdle, they’ll still have to bypass other new protections. Among them is a sandbox design that shields the most vulnerable and vital parts of the computer from attack. Safari, for example, has now been divided into two processes that separate the browser’s user interface and other functions from the part that parses JavaScript, images, and other web content.

Now these changes won’t stop Apple software from being vulnerable to exploits – but it will make it a hell of a lot harder to pull of code execution after getting in.

There are some smart changes to Safari too, which makes surfing a lot safer as one of the biggest attack vectors right now is through browser based exploits (Flash/JavaScript etc).

Even with all of that though, there will still be ways around it (just look at the latest JailBreak) – so as always – be careful Mac users!

Source: The Register

Ah we saw this coming didn’t we, back in June we reported on Apple Struggling With Security & Malware and now they have shown they were paying attention.

Even though they tried to do so quietly, they are slipping a ‘malware detector’ into the latest OS X update known as Snow Leopard.

The problem is though, it only scans for two trojans? Seems a bit pointless to me.

Although Mac OS X is considered by many to be the most secure operating system available to end users, it does suffer from security issues. Perhaps the new malware detector in Apple’s new Mac OS X Snow Leopard release will help prove that.

Mac OS X is viewed by many as the most secure operating system on the market. It’s certainly considered far more secure than Microsoft’s Windows operating system.

But with a report hitting the wire Wednesday claiming Apple’s new Mac OS X release, Snow Leopard, will feature a malware-detection tool, some of those beliefs might be put into question.

According to reports, Mac OS X will feature an application that will scan the user’s Mac for known trojans. It will also flag malicious files if they are downloaded from Safari, iChat, Entourage and a few other applications. There’s just one catch: that feature will only look for two trojans. Every other possibly damaging trojan will not be scanned for.

Only two trojans? Why not make it a full on malware scanner, or at least something a little more useful than a finite scanner.

I mean even Windows pushes their Malicious Software Removal Tool and I’m sure it scans for more than just two threats.

Either way it’s a step in the right direction and Apple are acknowledging their OS isn’t bullet proof and they need to do something to address that.

Over the past few months, we have seen several Mac OS X security issues hit the wire. From security outbreaks to an update that included several security fixes, it was becoming clear that Mac OS X’s reputation for strong security wasn’t as reliable as some believed. And if Mac OS X Snow Leopard does, in fact, feature that new malware detector, it could change everything. Just don’t expect Apple to change.

“The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box,” Apple wrote on the company’s Mac OS X Snow Leopard page. “However, since no system can be 100 percent immune from every threat, anti-virus software may offer additional protection.”

I’m a little shocked by that statement. Although Apple does admit that no system is totally immune from issues, it says anti-virus software “may” offer additional protection. I think that perpetuates the myth that end users don’t need to worry about Mac OS X security.

I think the landscape for Apple is changing, as they get more users in the marketplace they WILL be exposed to more threats.

And more people will have their fingers in the operating system trying to break it for fun and profit. With Mac machines being sold as lifestyle products you can bet the majority of Apple users aren’t very tech savvy.

You can’t really compare it to the Linux desktop market, but even then Linux does have anti-virus software available for free and commercially.

Source: eWeek

Trafscrambler is an anti-sniffer/IDS LKM(Network Kernel Extension) for OSX, licensed under BSD.

Features

• Injection of packets with bogus data and with randomly selected bad TCP cksum or bad TCP sequences
• Userland binary(tsctrl) for controlling trafscrambler NKE
• SYN decoy – sends out number of SYN pkts before the original SYN pkt
• TCP reset attack – sends out RST/FIN pkt with bad sequence
• Pre-connection SYN – sends out SYN with wrong TCP-checksum
• Post-connection SYN – sends out fake SYN after connection establishment
• Zero Window – send out pkt with “0” window set.

You can download Trafscrambler 0.2 here:

trafscrambler-0.2.tgz

Or read more here.

Apple has admitted that is has at LEAST three serious design weaknesses in it’s new application based firewall being rolled out with Mac OS X ‘Leopard’.

It comes (somewhat oddly) only 24 hours after a Mac OS X security update that fixed 41 OS X and Safari security vulnerabilities.

Previously independent researchers proved that Apple’s claim that the Leopard firewall could block all incoming connections was false.

In an advisory accompanying the Mac OS X v10.5.1 update, Apple admitted that the “Block all incoming connections” setting for the firewall is misleading.

“The ‘Block all incoming connections’ setting for the Application Firewall allows any process running as user “root” (UID 0) to receive incoming connections, and also allows mDNSResponder to receive connections. This could result in the unexpected exposure of network services,” Apple said.

With the fix, the firewall will more accurately describe the option as “Allow only essential services”, and by limiting the processes permitted to receive incoming connections under this setting to a small fixed set of system services, Apple said

Sounds like they are back-pedaling rather fast. They also addressed two other issues with the application based firewall.

CVE-2007-4703: The “Set access for specific services and applications” setting for the Application Firewall allows any process running as user “root” (UID 0) to receive incoming connections, even if its executable is specifically added to the list of programs and its entry in the list is marked as “Block incoming connections”. This could result in the unexpected exposure of network services.

CVE-2007-4704: When the Application Firewall settings are changed, a running process started by launchd will not be affected until it is restarted. A user might expect changes to take effect immediately and so leave their system exposed to network access.

So watch out, Apple is not the panacea of security as some people claim it to be.

Source: ZDNet

Each day I check out the technology section of the bbc site, ok, its not the most in-depth, or techy site in the world, but it covers interesting stuff.

One interesting article http://news.bbc.co.uk/1/hi/technology/4816520.stm talks about getting a mac to run windows. That in it self is quite cool, but to my mind its the wrong way.

Who wants to put windows on a mac? what’s the point? You can buy PC hardware for less then the mac, and they run windows with out a problem. Well…. kinda.

So, what would be better? Getting OSX to run on a PC. Do that and what you have is some completion to windows with an existing user base, financial backing and at least most of the applications business want.

Business still counts for more of the computer market. Linux has never really broken in to the desk top market, main I think because people “into” linux don’t do gui. Fundamentally linux geeks tend to not believe its worth the effort, so the gui always seems to be less the perfect.

OSX, now that is a desk top platform, to my understanding its based on linux, and a lot of linux apps can be built to run on it. But, like I said, its a mac so it already has a lot of the applications people want and need.

I could be wrong but to me I think this is only the start. I don’t like mac’s. I don’t want a mac, but I see OSX and it look sexy. Maybe if I didn’t need a mac to try it out I’d give it a go, but buying hardware just to run an OS I might not like? I think not.

As the German IT portal heise online conveys, a new security hole in the Safari webbrowser for Apple’s Mac OS X has been discovered. This security hole is rather severe, as it invokes the execution of shell scripts under certain circumstances.

Once again the Safari option “open safe” files automatically after download bears the blame. If this facility runs across a shell script that is missing the so-called Shebang-row, the system won’t ask the user whether to execute the file automatically anymore – it’ll just execute it anyways. Unfortunately you can simply rename a shellscript without a Shebang-row to known-good filetype extensions like JPG or PNG and put that renamed script into a ZIP file – zipping as well an administrative file that’ll connect that file with the shell. A target Mac then “knows” automatically how to open that file if it receives that ZIP – it’ll take it as totally normal to execute the “jpg file” with the shell.

To circumvent this issue immediately, you can exercise two countermeasures – the first one is to disable that unsafe option in Safari, the second one is to move the terminal to another place, as the connection between shellscript and terminal has a hardcoded file path to the terminal. Additionally, you should never ever work with administrator privileges – as one should be used to with windoze, this rule of thumb has the same virtues on a Mac as well

Source: 4null4.de

A rare exploit for Mac eh, it is possible to exploit, it’s not just a theory, you can find a proof of concept here:

http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html

With a Babelfish Translation.