Snow Leopard security – The good, the bad and the missing
Vista lessons not learned
Apple Engineers missed a key opportunity to implement an industry-standard technology in their latest operating system that would have made it more resistant to hacking attacks, three researchers have said.
Known as ASLR, or address space layout randomization, the measure picks a different memory location to load system components each time the OS is started. While Microsoft has had it implemented since the roll-out of Windows Vista, the analogous protection in Snow Leopard, which went on sale Friday, suffers from a crucial deficiency: It fails to randomize core parts of the OS, including the heap, stack and dynamic linker.
That means that attackers who identify buffer overflows and similar bugs in OS X components have a much better chance of causing the vulnerability to execute malicious code that compromises the machine. The halfhearted attempt at implementing ASLR has been a chief complaint of security researchers since Leopard, Snow Leopard’s predecessor. Many had hoped it would be made more robust in the new version.
Read more: channelregister.co.uk