Edible Apple

As Apple’s marketshare in the PC market continues to increase, the Mac platform is increasingly becoming a target for hackers. Serious attacks and threats remain few and far in between and there’s certainly no reason to sound any alarm bells, but as the Mac becomes more visible, Apple will have to stay a few steps ahead of the maliciously inclined.

And that’s exactly what it’s doing.

Back in February we reported that Apple had seeded advanced copies of OS X Lion to security experts asking for feedback about the OS’s new security measures. In a letter accompanying beta versions of Lion, Apple wrote security researchers,

I wanted to let you know that I’ve requested that you be invited to the prerelease seed of Mac OS X Lion, and you should receive an invitation soon. As you have reported Mac OS X security issues in the past, I thought that you might be interested in taking a look at this. It contains several improvements in the area of security countermeasures.

One of the researchers contacted by Apple was Charlier Miller, a man who has made quite a name for himself with Apple-based hacks over the past few years. Most recently he discovered a vulnerability in Apple’s MacBook battery.

In any event, Miller a few months back welcomed Apple’s newfound focus on security.

As far as I know they have never reached out to security researchers in this way. Also, we won’t have to pay for it like everybody else. It’s not hiring us to do pen-tests of it, but at least it’s not total isolation anymore, and at least security crosses their mind now.

And now that OS X Lion has been for quite awhile now, the Register recently posted an interesting look at how Apple has upped its security game with its latest OS release, calling it a major overhaul of security improvements.

The most important addition is full ASLR. Short for address space layout randomization, the protection makes it much harder for attackers to exploit bugs by regularly changing the memory location where shell code and other system components are loaded. Other improvements include security sandboxes that tightly restrict the way applications can interact with other parts of the operating system and full disk encryption that doesn’t interfere with other OS features.

Dino Dai Zovi, a MacBook hacker and security consultant who also received a pre-release version of OS X Lion was also impressed, calling it a significant improvement and describing the security in Lion as being “Windows 7, plus, plus.”

The Register continues:

With virtually all browser exploits targeting the way the program parses web content, Apple engineers have tightly locked down the new process, called Safari Web Content. The design is intended to limit the damage that can be done in the event an attacker is able to exploit a buffer overflow or other bug in the browser.

“Now, you end up inside this restricted process that only does the web parsing, and you can’t do other things you might want to do as an attacker, such as write files or read a person’s documents,” Miller explained. “Even when you get code execution, you no longer have free rein to do whatever you want. You can do only what the sandbox allows you to do.”

Apple has also completely rebuilt its FileVault disk encryption scheme to make it operate at the block level, well below the file level, as was the case previously. As a result, users may now encrypt an entire hard drive rather than only a user directory. It also eliminates a major frustration for many users, because for the first time it works seamlessly with the Mac’s Time Machine feature for automatically backing up disk contents. (Previously FileVault users who wanted to restore backup files had to boot off a CD.)

FileVault 2 also includes other improvements, such as the ability to encrypt disk contents when a Mac is put to sleep.

Not surprisingly, Apple over the past few years has quietly upgraded its security personnel, hiring security expert Ivan Kitric in 2009, former Mozilla security head Window Snyder in 2010, PGP co-founder and cryptography expert Jon Callas in 2010, and this past January, former NSA analyst David Rice to serve as the company’s director of global security.