“With Wednesday’s release of Mac OS X Lion, Apple has definitively leapfrogged its rivals by offering an operating system with state-of-the-art security protections that make it more resistant to malware exploits and other hack attacks, two researchers say,” Dan Goodin reports for The Register.
“The most important addition is full ASLR. Short for address space layout randomization, the protection makes it much harder for attackers to exploit bugs by regularly changing the memory location where shell code and other system components are loaded. Other improvements include security sandboxes that tightly restrict the way applications can interact with other parts of the operating system and full disk encryption that doesn’t interfere with other OS features,” Goodin reports. “‘It’s a significant improvement, and the best way that I’ve described the level of security in Lion is that it’s Windows 7, plus, plus,’ said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker’s Handbook. ‘I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.'”
Advertisement: Students, Parents and Faculty save up to $200 on a new Mac.
“With virtually all browser exploits targeting the way the program parses web content, Apple engineers have tightly locked down the new process, called Safari Web Content. The design is intended to limit the damage that can be done in the event an attacker is able to exploit a buffer overflow or other bug in the browser,” Goodin reports. “‘Now, you end up inside this restricted process that only does the web parsing, and you can’t do other things you might want to do as an attacker, such as write files or read a person’s documents,’ Charlie Miller, principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker’s Handbook, explained. ‘Even when you get code execution, you no longer have free rein to do whatever you want. You can do only what the sandbox allows you to do.'”
Read more in the full article here.
Related articles:
Gartenberg: Mac OS X Lion will only contribute to Apple’s expanding mind-share – July 20, 2011
MSNBC reviews Mac OS X Lion: ‘Worth the upgrade’ – July 20, 2011
USA Today’s Baig reviews Mac OS X Lion: ‘Truly worth lionizing’ – July 20, 2011
Ars Technica reviews Mac OS X 10.7 Lion: ‘Better technology’ – July 20, 2011