It’s been a long time coming, but with the latest release of Mac OS X Lion, Apple has really stepped it up in terms of security and proactive protection.
Just a few months back, in May, we reported that Mac Malware is Becoming a Serious Threat, and back in March that Day One At Pwn2Own Takes Out Microsoft Internet Explorer and Apple Safari.
With this latest update they have integrated some very modern security techniques, with many claiming this puts them ahead of Windows 7 and Ubuntu in terms of security.
With Wednesday’s release of Mac OS X Lion, Apple has definitively leapfrogged its rivals by offering an operating system with state-of-the-art security protections that make it more resistant to malware exploits and other hack attacks, two researchers say.
Unlike the introduction of Snow Leopard in 2009, which offered mostly incremental security enhancements, OS X 10.7 represents a major overhaul, said the researchers, who spent the past few months analyzing the OS.
The most important addition is full ASLR. Short for address space layout randomization, the protection makes it much harder for attackers to exploit bugs by regularly changing the memory location where shell code and other system components are loaded. Other improvements include security sandboxes that tightly restrict the way applications can interact with other parts of the operating system and full disk encryption that doesn’t interfere with other OS features.
“It’s a significant improvement, and the best way that I’ve described the level of security in Lion is that it’s Windows 7, plus, plus,” said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker’s Handbook. “I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.”
There were a couple of blunders back in 2009 when Snow Leopard (commonly known as SL) was released, and of course there was Mac OS X Snow Leopard Bundled With Malware Detector.
Back then the security tech bundled with Snow Leopard was incremental at best; there was nothing really new or anything that inspired confidence in us security chaps.
With the latest version of Lion, however, Apple has put in some really good stuff, like full address space layout randomization (ASLR) and even more sandboxing (always a good idea to trap malware in userspace).
Although ASLR made its OS X debut in Leopard, the predecessor to Snow Leopard, its implementation was woefully inadequate because it failed to randomize core parts of the OS, including the heap, stack, and dynamic linker. That meant entire classes of exploits were automatically immune to the protection.
It also prompted many to wonder why Apple engineers bothered to put it into the OS in the first place, or didn’t properly implement it with the introduction of Snow Leopard. Windows Vista and Ubuntu, by contrast, added much more robust implementations of ASLR years earlier.
“When they went from Leopard to Snow Leopard, as far as I’m concerned, there really wasn’t any change,” said Charlie Miller, principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker’s Handbook. “They might have said there was more security and it was better, but at a low functionality level there really wasn’t any difference. Now, they’ve made significant changes and it’s going to be harder to exploit.”
Now, these changes won’t stop Apple software from being vulnerable to exploits, but they will make it a hell of a lot harder to pull off code execution after getting in.
Even with all of that, though, there will still be ways around it (just look at the latest JailBreak), so as always, be careful, Mac users!
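The gap described in the quoted passage (an ASLR implementation that leaves the heap, stack and dynamic linker at fixed addresses) can be checked from user space. The C program below is an added example, not code from the article or from Apple: it uses only POSIX calls, its names are illustrative, and it launches itself five times and reports which regions moved between launches.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
enum { R_STACK, R_HEAP, R_CODE, R_LIB, R_COUNT, RUNS = 5 }; /* illustrative names */
static const char *const region_name[R_COUNT] = {"stack", "heap", "code", "library"};

/* Record one probe address from each region of the current process. */
void sample_self(uintptr_t out[R_COUNT]) {
    void *h = malloc(64);
    out[R_STACK] = (uintptr_t)&h;           /* h itself lives on the stack */
    out[R_HEAP] = (uintptr_t)h;
    out[R_CODE] = (uintptr_t)&sample_self;  /* moves only in a PIE build */
    out[R_LIB] = (uintptr_t)&printf;        /* libc, placed by the dynamic linker */
    free(h);
}
/* Bitmask of regions whose address differed in any of the n launches. */
unsigned varied_regions(uintptr_t s[][R_COUNT], int n) {
    unsigned mask = 0;
    for (int i = 1; i < n; i++)
        for (int r = 0; r < R_COUNT; r++)
            if (s[i][r] != s[0][r]) mask |= 1u << r;
    return mask;
}

int main(int argc, char **argv) {
    uintptr_t s[RUNS][R_COUNT];
    if (argc > 1) { /* child: write the raw sample to stdout */
        sample_self(s[0]);
        return write(STDOUT_FILENO, s[0], sizeof s[0]) != (ssize_t)sizeof s[0];
    }
    for (int i = 0; i < RUNS; i++) { /* parent: one fresh exec per sample */
        int fd[2];
        pid_t pid;
        if (pipe(fd) != 0 || (pid = fork()) < 0) return 1;
        if (pid == 0) {
            dup2(fd[1], STDOUT_FILENO);
            execl(argv[0], argv[0], "child", (char *)NULL);
            _exit(127);
        }
        close(fd[1]);
        if (read(fd[0], s[i], sizeof s[i]) != (ssize_t)sizeof s[i]) return 1;
        close(fd[0]);
        waitpid(pid, NULL, 0);
    }
    unsigned mask = varied_regions(s, RUNS);
    for (int r = 0; r < R_COUNT; r++)
        printf("%-8s %s\n", region_name[r], (mask >> r) & 1 ? "randomized" : "FIXED across launches");
    return 0;
}
```

Run it through a path (for example `./aslr_check`) so the self-exec can find the binary. A region reported as FIXED is one where an address learned in one launch is still valid in the next.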
Source: The Register