It’s been a long time coming but with the latest release of Max OS X Lion – Apple has really stepped it up in terms of security and pro-active protection.
Just a few months back in May we reported that – Mac Malware is Becoming a Serious Threat and back in march Day One At Pwn2Own Takes Out Microsoft Internet Explorer and Apple Safari.
With this latest update they have really integrated some very modern security techniques with many claiming this puts them ahead of Windows 7 and Ubuntu in terms of security.
With Wednesday’s release of Mac OS X Lion, Apple has definitively leapfrogged its rivals by offering an operating system with state-of-the-art security protections that make it more resistant to malware exploits and other hack attacks, two researchers say.
Unlike the introduction of Snow Leopard in 2009, which offered mostly incremental security enhancements, OS X 10.7 represents a major overhaul, said the researchers, who spent the past few months analyzing the OS.
The most important addition is full ASLR. Short for address space layout randomization, the protection makes it much harder for attackers to exploit bugs by regularly changing the memory location where shell code and other system components are loaded. Other improvements include security sandboxes that tightly restrict the way applications can interact with other parts of the operating system and full disk encryption that doesn’t interfere with other OS features.
“It’s a significant improvement, and the best way that I’ve described the level of security in Lion is that it’s Windows 7, plus, plus,” said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker’s Handbook. “I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.”
There were a couple of blunders back in 2009 when Snow Leopard (commonly known as SL) was released, and of course – Mac OS X Snow Leopard Bundled With Malware Detector.
Back then the security tech bundled with Snow Leopard was incremental at best, there was nothing really new or anything that inspired confidence in us security chaps.
With the latest version of Lion however Apple has put in some really good stuff like full address space layout randomization (ASLR) and even more sandboxing (always a good idea to trap malware in userspace).
Although ASLR made its OS X debut in Leopard, the predecessor to Snow Leopard, its implementation was woefully inadequate because it failed to randomize core parts of the OS, including the heap, stack, and dynamic linker. That meant entire classes of exploits were automatically immune to the protection.
It also prompted many to wonder why Apple engineers bothered to put it into the OS in the first place, or didn’t properly implement it with the introduction of Snow Leopard. Windows Vista and Ubuntu, by contrast, added much more robust implementations of ASLR years earlier.
“When they went from Leopard to Snow Leopard, as far as I’m concerned, there really wasn’t any change,” said Charlie Miller, principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker’s Handbook. “They might have said there was more security and it was better, but at a low functionality level there really wasn’t any difference. Now, they’ve made significant changes and it’s going to be harder to exploit.”
What’s more, Lion’s refurbished ASLR has been augmented, so that even if hackers clear that hurdle, they’ll still have to bypass other new protections. Among them is a sandbox design that shields the most vulnerable and vital parts of the computer from attack. Safari, for example, has now been divided into two processes that separate the browser’s user interface and other functions from the part that parses JavaScript, images, and other web content.
Now these changes won’t stop Apple software from being vulnerable to exploits – but it will make it a hell of a lot harder to pull of code execution after getting in.
There are some smart changes to Safari too, which makes surfing a lot safer as one of the biggest attack vectors right now is through browser based exploits (Flash/JavaScript etc).
Even with all of that though, there will still be ways around it (just look at the latest JailBreak) – so as always – be careful Mac users!
Source: The Register
Anonymous says
My, my, my, seems no OS ever was a secured one.
So, now Lion is protecting with 2 additional layers : additional entropy and non-root user execution.
Entropy, nice to begin with, it might be lowered right ? Yeah even more easily than thought, memory is a finite quantity, most of mac are shipped with a certain quantity of ram, fixed one as far as I know, so how long it will take, that’s a question, really a good question ?
My 2 cents answer : how many mery blocks and how many adresses ? We don’t care about randomness for a good reason : there’s no real randomness is a finite space, just intervals to test.
What about non-root user execution, this is part of the big deal in fact, in a way this is the supplement for security because encryption need to be broken before this could be attempted, that’s the very moment you ask why ? Why ? Breaking encryption is like breaking walls that obfuscated your vision over a magnificient landcape, a nice landscape with everything you need like passwords or even better as root privileges. They’re not encrypted, but root account and pass might be, or maybe just files but that’s a voracious cracker thing.
This is not enough, obviously not enough, nowadays best way to own a computer isn’t the OS anymore, it’s all about the web browser. In a way this might be a good protection : using IE could be a good protection since it does not handle a web page code properly, even more if you’re keeping that old IE v4 version.
Mac users should take the upgrade for sure but they sould also be more cautious about everything, a bit antinomic with the so advertized simplicity.
Darknet says
Well at least Apple is doing something now, far better than before.