Researchers: Apple’s Mac OS X Lion is the king of security

“With Wednesday’s release of Mac OS X Lion, Apple has definitively leapfrogged its rivals by offering an operating system with state-of-the-art security protections that make it more resistant to malware exploits and other hack attacks, two researchers say,” Dan Goodin reports for The Register.

“The most important addition is full ASLR. Short for address space layout randomization, the protection makes it much harder for attackers to exploit bugs by regularly changing the memory location where shell code and other system components are loaded. Other improvements include security sandboxes that tightly restrict the way applications can interact with other parts of the operating system and full disk encryption that doesn’t interfere with other OS features,” Goodin reports. “‘It’s a significant improvement, and the best way that I’ve described the level of security in Lion is that it’s Windows 7, plus, plus,’ said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker’s Handbook. ‘I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.'”

Advertisement: Students, Parents and Faculty save up to $200 on a new Mac.

“With virtually all browser exploits targeting the way the program parses web content, Apple engineers have tightly locked down the new process, called Safari Web Content. The design is intended to limit the damage that can be done in the event an attacker is able to exploit a buffer overflow or other bug in the browser,” Goodin reports. “‘Now, you end up inside this restricted process that only does the web parsing, and you can’t do other things you might want to do as an attacker, such as write files or read a person’s documents,’ Charlie Miller, principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker’s Handbook, explained. ‘Even when you get code execution, you no longer have free rein to do whatever you want. You can do only what the sandbox allows you to do.'”

Read more in the full article here.

Related articles:
Gartenberg: Mac OS X Lion will only contribute to Apple’s expanding mind-share – July 20, 2011
MSNBC reviews Mac OS X Lion: ‘Worth the upgrade’ – July 20, 2011
USA Today’s Baig reviews Mac OS X Lion: ‘Truly worth lionizing’ – July 20, 2011
Ars Technica reviews Mac OS X 10.7 Lion: ‘Better technology’ – July 20, 2011


  1. ‘I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.’”

    So he tells Windows users to upgrade to Lion too? That’s what I thought he said.

  2. Man I sure am glad that Apple finally got a firm grip on security. I’m so sick and tired of running virus scans every day and having to clean out all that malware and viruses that continuously invade my Mac.

    1. Huh?!? Please tell me this is sarcasm. I’ve yet to find 1 malware or virus on my Mac in the 5 years I’ve used it. I scan my system a few times a year just for the heck of it to see what might be there and still nothing. As you can see some old Windows habits die hard for those of us who decided to switch b/c we couldn’t stand having to reload our PCs b/c of performance loss or infection.

      1. I didn’t think I had to clarify. My comment was as sarcastic as I could possibly come up with. Never had a virus or any malware and I’m all over the net at least 6 hours a day. I download stuff from everywhere (have over 800 apps on my Mac) and not once had any “infection” of any sort.


      Wingsy is being sarcastic folks.

      The only malware for Mac is 7 different Trojan horses of various versions. All of them require LUSER behavior in order to be installed. None of them exploit any security hole in Mac OS X. The only thing you’ll typically find on Mac malware scans are the 100,000+ malware for Windows you’ve been sent via eMail. 😆

  3. “‘It’s a significant improvement, and the best way that I’ve described the level of security in Lion is that it’s Windows 7, plus, plus,…………”


  4. Don’t take this lightly. Charlie Miller is the best in the world at hacking into Macs, and he rarely has anything good to say about Apple’s security practices. This is a big deal.

    1. Agreed.

      This guy has won money and free macs by cracking into safari and exploiting security vulnerabilities on macs in record time.

      Its a hell of an endorsement coming from him.

      1. Dude, he guided the Macs, every one of them, to a website he built and he downloaded a Trojan that he wrote. He then had the instalation of this piece of malware authorized by the Mac Owner/operator.

        If he does it in a stupid contest it’s brilliant hacking. If we download a Trojan and install it on our Mac we are idiots.

        Do you see the difference? He didn’t hack anything. Without physical access to the computer and without the authorization code he’d still be trying to hack his first Mac contest.

      1. ‘me’ = just another anonymous coward liar troll. 😛

        Go study the Pwn2Own contest if you’d like to know how it REALLY works. I’m tired of having to repeat the process over and over for TardTrolls. Here’s a great source:

        Pwn2Own @ Wikipedia

        Oh and BTW: Windows currently has 150x more malware than Mac OS X on a per user basis. This shocking figure demonstrates the inordinately poor security in Microsoft Windows. There’s no denying it little trolls. Now go scurry away and hide in your cave.

        Anti-Apple Security FUD! FUD! FUD! FUD! 😆

    1. And Lion does nothing to prevent someone with physical access to your system from lifting it from the table and making a run for the door. When are the guys on Infinity Loop going to get serious about security? I mean, I would love to see an actual lion jump out and incapacitate would-be Mac thieves!!

      1. Yes, we need the iApple, a 500 lb Apple-logo shaped 3D weight with a chain that melts into the case of your MacBook Air or other Mac to prevent them from “walking off.” Easily removable with a blowtorch, or Steve Jobs’ special RDF magnet.

      1. Laptops (any computer) can be stolen and the information on how to read non-encrypted files is freely available. (see link above) It is NOT as secure as it should be and people need to be aware. Use encrypted bundles of sensitive information. Anything with our SSN, scanned invoices, Quicken (or the like) data files, etc.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.