“With Wednesday’s release of Mac OS X Lion, Apple has definitively leapfrogged its rivals by offering an operating system with state-of-the-art security protections that make it more resistant to malware exploits and other hack attacks, two researchers say,” Dan Goodin reports for The Register.
“The most important addition is full ASLR. Short for address space layout randomization, the protection makes it much harder for attackers to exploit bugs by regularly changing the memory location where shell code and other system components are loaded. Other improvements include security sandboxes that tightly restrict the way applications can interact with other parts of the operating system and full disk encryption that doesn’t interfere with other OS features,” Goodin reports. “‘It’s a significant improvement, and the best way that I’ve described the level of security in Lion is that it’s Windows 7, plus, plus,’ said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker’s Handbook. ‘I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.'”
Advertisement: Students, Parents and Faculty save up to $200 on a new Mac.
“With virtually all browser exploits targeting the way the program parses web content, Apple engineers have tightly locked down the new process, called Safari Web Content. The design is intended to limit the damage that can be done in the event an attacker is able to exploit a buffer overflow or other bug in the browser,” Goodin reports. “‘Now, you end up inside this restricted process that only does the web parsing, and you can’t do other things you might want to do as an attacker, such as write files or read a person’s documents,’ Charlie Miller, principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker’s Handbook, explained. ‘Even when you get code execution, you no longer have free rein to do whatever you want. You can do only what the sandbox allows you to do.'”
Read more in the full article here.
Related articles:
Gartenberg: Mac OS X Lion will only contribute to Apple’s expanding mind-share – July 20, 2011
MSNBC reviews Mac OS X Lion: ‘Worth the upgrade’ – July 20, 2011
USA Today’s Baig reviews Mac OS X Lion: ‘Truly worth lionizing’ – July 20, 2011
Ars Technica reviews Mac OS X 10.7 Lion: ‘Better technology’ – July 20, 2011
The force is strong with this one.
‘I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.’”
So he tells Windows users to upgrade to Lion too? That’s what I thought he said.
+1
Man I sure am glad that Apple finally got a firm grip on security. I’m so sick and tired of running virus scans every day and having to clean out all that malware and viruses that continuously invade my Mac.
I sincerely hope that was an ironic statement 🙂
=:~)
I think (hope) Wingsy was being sarcastic.
Huh?!? Please tell me this is sarcasm. I’ve yet to find 1 malware or virus on my Mac in the 5 years I’ve used it. I scan my system a few times a year just for the heck of it to see what might be there and still nothing. As you can see some old Windows habits die hard for those of us who decided to switch b/c we couldn’t stand having to reload our PCs b/c of performance loss or infection.
I found one on my Mac — I think it was in ’97…
The only malware I ever find are the emails sent to me when PC users get their computer hacked. and move on.
I didn’t think I had to clarify. My comment was as sarcastic as I could possibly come up with. Never had a virus or any malware and I’m all over the net at least 6 hours a day. I download stuff from everywhere (have over 800 apps on my Mac) and not once had any “infection” of any sort.
Wingsy, I love your sarcasm, and I love even more that some people are doubting it is so.
Why is the elevated security firewall in Lion surpassed only by the firewall against irony among its users?
BWAHAHAHAHA!
Wingsy is being sarcastic folks.
The only malware for Mac is 7 different Trojan horses of various versions. All of them require LUSER behavior in order to be installed. None of them exploit any security hole in Mac OS X. The only thing you’ll typically find on Mac malware scans are the 100,000+ malware for Windows you’ve been sent via eMail. 😆
space layout randomization = borg
“We are the dyslexic Borg. Your ass will be laminated.”
“‘It’s a significant improvement, and the best way that I’ve described the level of security in Lion is that it’s Windows 7, plus, plus,…………”
Puleeeeeze
Yep, needs two more pluses because Lion is that good!
It’s newspeak – double plus good.
It’s Windows 7, plus, plus,…
With a heaping helping of everything Cupertino….
Plus a dash of magic….
Oh, and minus the Windows 7…
It’s number 1+. Or has somebody already done that?
No decrepit Microsoft spaghetti code in sight. It’s UNIX. That’s a good thing.
Don’t take this lightly. Charlie Miller is the best in the world at hacking into Macs, and he rarely has anything good to say about Apple’s security practices. This is a big deal.
Agreed.
This guy has won money and free macs by cracking into safari and exploiting security vulnerabilities on macs in record time.
Its a hell of an endorsement coming from him.
Dude, he guided the Macs, every one of them, to a website he built and he downloaded a Trojan that he wrote. He then had the instalation of this piece of malware authorized by the Mac Owner/operator.
If he does it in a stupid contest it’s brilliant hacking. If we download a Trojan and install it on our Mac we are idiots.
Do you see the difference? He didn’t hack anything. Without physical access to the computer and without the authorization code he’d still be trying to hack his first Mac contest.
So is the “Open safe files” in Safari defaulted to “off” yet?
I can’t wait for the next CANSEC conference. The Mac will finally be left standing among its peers.
I wouldn’t bet on it. It’s always gone first before.
Least secure OS on the planet.
You’re an idiot.
‘me’ = just another anonymous coward liar troll. 😛
Go study the Pwn2Own contest if you’d like to know how it REALLY works. I’m tired of having to repeat the process over and over for TardTrolls. Here’s a great source:
Pwn2Own @ Wikipedia
Oh and BTW: Windows currently has 150x more malware than Mac OS X on a per user basis. This shocking figure demonstrates the inordinately poor security in Microsoft Windows. There’s no denying it little trolls. Now go scurry away and hide in your cave.
Anti-Apple Security FUD! FUD! FUD! FUD! 😆
I love my safe walled in garden!
That’s on-line security. What about physical security, what improvements if any have been made there? Anyone with access to your computer and the proper knowledge can get to any non-encrypted file on your system.
i.e.
http://www.macyourself.com/2009/08/03/how-to-reset-your-mac-os-x-password-without-an-installer-disc/
And Lion does nothing to prevent someone with physical access to your system from lifting it from the table and making a run for the door. When are the guys on Infinity Loop going to get serious about security? I mean, I would love to see an actual lion jump out and incapacitate would-be Mac thieves!!
Yes, we need the iApple, a 500 lb Apple-logo shaped 3D weight with a chain that melts into the case of your MacBook Air or other Mac to prevent them from “walking off.” Easily removable with a blowtorch, or Steve Jobs’ special RDF magnet.
If you have someone who tries to do this to you, and actually knows how to do it, you’ve got bigger problems to worry about.
Laptops (any computer) can be stolen and the information on how to read non-encrypted files is freely available. (see link above) It is NOT as secure as it should be and people need to be aware. Use encrypted bundles of sensitive information. Anything with our SSN, scanned invoices, Quicken (or the like) data files, etc.
Lion now has full disk encryption.
http://www.apple.com/au/macosx/whats-new/features.html#filevault2
Tell Windows users to wear a condom when using their PC to protect themselves. I bet half of them will really wear one when using their POS PC. lol
Anti-Apple trolls have this week skyrocketed market demand for Depends undergarments in order to disguise and mitigate the fact that they are shi**ing their pants.
I could not be happier that Apple is now entirely ‘BUZZ WORD COMPLIANT’ in OS security. Thank you Apple! 😀
Mac-Security Blog