Information Security News mailing list archives

Major overhaul makes OS X Lion king of security


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 22 Jul 2011 01:17:52 -0500 (CDT)

http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/

By Dan Goodin in San Francisco
The Register
21st July 2011

With Wednesday's release of Mac OS X Lion, Apple has definitively leapfrogged its rivals by offering an operating system with state-of-the-art security protections that make it more resistant to malware exploits and other hack attacks, two researchers say.

Unlike the introduction of Snow Leopard in 2009, which offered mostly incremental security enhancements, OS X 10.7 represents a major overhaul, said the researchers, who spent the past few months analyzing the OS.

The most important addition is full ASLR. Short for address space layout randomization, the protection makes it much harder for attackers to exploit bugs by regularly changing the memory location where shell code and other system components are loaded. Other improvements include security sandboxes that tightly restrict the way applications can interact with other parts of the operating system and full disk encryption that doesn't interfere with other OS features.

“It's a significant improvement, and the best way that I've described the level of security in Lion is that it's Windows 7, plus, plus,” said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker's Handbook. “I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.”

[...]
