Snow Leopard less secure than Windows, says hacker
Snow Leopard lacks security features that are built in to Windows XP, Windows Vista and Windows 7, a noted Mac researcher has said.
Dubbed ASLR, for address space layout randomisation, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus make it harder for them to craft reliable exploits.
“Apple didn’t change anything,” said Charlie Miller, of Baltimore-based Independent Security Evaluators, the co-author of The Mac Hacker’s Handbook, and winner of two consecutive “Pwn2own” hacker contests. “It’s the exact same ASLR as in Leopard, which means it’s not very good.”
Snow Leopard on a Windows PC? | Snow Leopard to ship with anti-virus detection | Snow Leopard: The in-depth review | Apple Mac OS X 10.6 Snow Leopard
Two years ago, Miller and other researchers criticised Apple for releasing Mac OS X 10.5, aka Leopard, with half-baked ASLR that failed to randomise important components of the OS, including the heap, the stack and the dynamic linker, the part of Leopard that links multiple shared libraries for an executable.
Miller was disappointed that Apple didn’t improve ASLR from Leopard to Snow Leopard. “I hoped Snow Leopard would do full ASLR, but it doesn’t,” said Miller. “I don’t understand why they didn’t. But Apple missed an opportunity with Snow Leopard.”
Posts
Loading ...