
October 17th, 2007

Memory randomization (ASLR) coming to Mac OS X Leopard

Posted by Ryan Naraine @ 2:31 pm


Apple has announced plans to add code-scrambling diversity to Mac OS X Leopard, a move aimed at making the operating system more resilient to virus and worm attacks.

The security technology, known as ASLR (address space layout randomization), randomly arranges the positions of key data areas to prevent malware authors from predicting target addresses. It is used in tandem with additional security features to reduce the effectiveness of exploit attempts.

[SEE: Vista’s ASLR not so random, but does it matter? ]

According to Apple, the library randomization feature will allow Leopard to defend against attackers with no effort at all.

One of the most common security breaches occurs when a hacker’s code calls a known memory address to have a system function execute malicious code. Leopard frustrates this plan by relocating system libraries to one of several thousand possible randomly assigned addresses.

Several open-source security systems — OpenBSD, PaX and Exec Shield — already implement ASLR in some form. Microsoft has also fitted ASLR into default configurations of Windows Vista.
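Whether library randomization is actually in effect can be checked by comparing where each module loads across two runs of the same program. The following is an added example, not code from the article or from Apple; it assumes memory maps captured in the Linux `/proc/<pid>/maps` format, and both samples (paths, addresses, the `demo` binary) are constructed for illustration.

```python
import re

# One line of Linux /proc/<pid>/maps: "start-end perms offset dev inode path"
MAP_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\d+\s*(.*)$")

# Constructed samples: two runs of the same hypothetical program.
RUN_A = """\
00400000-00452000 r-xp 00000000 08:01 1311 /usr/bin/demo
00651000-00653000 rw-p 00051000 08:01 1311 /usr/bin/demo
7f3a1c200000-7f3a1c3b5000 r-xp 00000000 08:01 2210 /lib/libc.so.6
7f3a1c3b5000-7f3a1c3bb000 rw-p 001b5000 08:01 2210 /lib/libc.so.6
7f3a1c600000-7f3a1c61a000 r-xp 00000000 08:01 2244 /lib/libz.so.1
7ffd4b1e0000-7ffd4b201000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
00400000-00452000 r-xp 00000000 08:01 1311 /usr/bin/demo
7f91e8400000-7f91e85b5000 r-xp 00000000 08:01 2210 /lib/libc.so.6
7f91e8a00000-7f91e8a1a000 r-xp 00000000 08:01 2244 /lib/libz.so.1
7ffc03a5f000-7ffc03a80000 rw-p 00000000 00:00 0 [stack]
"""

def load_bases(maps_text):
    """Return {mapping name: lowest start address} for named mappings."""
    bases = {}
    for line in maps_text.splitlines():
        m = MAP_LINE.match(line.strip())
        if not m or not m.group(4):
            continue  # skip malformed lines and anonymous mappings
        start, name = int(m.group(1), 16), m.group(4)
        bases[name] = min(start, bases.get(name, start))
    return bases

def compare_runs(run_a, run_b):
    """Classify each mapping present in both runs as 'randomized' or 'fixed'."""
    a, b = load_bases(run_a), load_bases(run_b)
    return {name: ("fixed" if a[name] == b[name] else "randomized")
            for name in sorted(a.keys() & b.keys())}

def fixed_targets(run_a, run_b):
    """Mappings whose base address stayed predictable between runs."""
    return [n for n, v in compare_runs(run_a, run_b).items() if v == "fixed"]

if __name__ == "__main__":
    for name, verdict in compare_runs(RUN_A, RUN_B).items():
        print(f"{verdict:10} {name}")
```

In the constructed samples the libraries and stack move while the main executable stays at the same base, which is the kind of leftover predictable region this comparison is meant to surface.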

Apple also plans to add Sandboxing (systrace) in Leopard to limit an application’s access to the system by enforcing access policies for system calls. The feature is aimed at restricting an app’s file access, network access, and ability to launch other applications.

Many Leopard applications — such as Bonjour, Quick Look, and the Spotlight indexer — will be sandboxed so hackers can’t exploit them, Apple said.

Strangely, the default Safari Web browser isn’t listed as a sandboxed application.

Some other security goodies promised in Leopard include:

Tagging Downloaded Applications — Protection from potential threats. Any application downloaded to the operating system is tagged. Before it runs for the first time, the system asks for the user’s consent — notifying the user when it was downloaded, what application was used to download it, and, if applicable, what URL it came from.

Signed Applications — A digital signature on an application will aim at verifying the identity and integrity of that program. All applications shipped with Leopard will be signed by Apple. Third-party software developers can also sign their applications.

Application-Based Firewall — Leopard will feature the ability to specify the behavior of specific applications to either allow or block incoming connections.

Stronger Encryption for Disk Images — Disk Utility will now allow users to create encrypted disk images using 256-bit AES encryption.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.


Talkback (most recent of 101)

RE: Memory randomization (ALSR) coming to Mac OS X Leopard
So much for the Mac bashers that say there is no virus written for the Mac because there are so few of them. But then, they are generally a pretty ignorant bunch anyway....
Posted by: Slrman Posted on: 10/02/09