OS X Lion Raises Bar on security, however Battery Firmware Vulnerability Surfaces

The Register reviews on one of the crucial new security improvements in OS X Lion, with researchers calling the adjustments a “major overhaul” that goes far past the minor safety tweaks Apple made going from Mac OS X Leopard to Snow Leopard.

“it’s a significant improvement, and one of the best ways that I’ve described the level of security in Lion is that it’s home windows 7, plus, plus,” stated Dino Dai Zovi, foremost of safety consultancy trail of Bits and the coauthor of The Mac Hacker’s handbook. “I normally inform Mac customers that in the event that they care about safety, they will have to improve to Lion quicker quite than later, and the identical goes for windows customers, too.”

particularly, the record factors to such features as full fortify for tackle area structure randomization (ASLR), utility sandboxing, and a revamped FileVault encryption system as being key to Lion’s improved safety.

“once they went from Leopard to Snow Leopard, as far as i’m concerned, there truly wasn’t any alternate,” mentioned Charlie Miller, principal research marketing consultant at security firm Accuvant and the opposite coauthor of The Mac Hacker’s guide. “They might have said there was extra safety and it was once higher, but at a low functionality degree there in reality wasn’t any difference. Now, they’ve made vital adjustments and it’ll be tougher to take advantage of.”

Miller isn’t simplest interested in operating gadget and core utility vulnerabilities, however, as evidenced by using his up to date discovery of a vulnerability within the chips that keep an eye on the batteries in Apple’s notebooks. That vulnerability might be exploited on a normal stage to harm battery operate or with additional effort to implant malware that could reinfect computer systems multiple instances.

The batteries’ chips are shipped with default passwords, such that somebody who discovers that password and learns to regulate the chips’ firmware can probably hijack them to do the rest the hacker desires. that features permanently ruining batteries at will, and could enable nastier tricks like implanting them with hidden malware that infects the computer no matter how again and again instrument is reinstalled or even potentially causing the batteries to heat up, capture fire or explode. “These batteries just are not designed with the concept that people will mess with them,” Miller says. “What i’m exhibiting is that it’s that you can imagine to use them to do one thing truly dangerous.”

Miller plans to officially announce his discoveries at next month’s Black Hat conference, and he will also be releasing a brand new “Caulkgun” tool to permit Mac computing device users to change their batteries’ default passwords to randomized strings. That move would lend a hand keep hackers out of the batteries, but also prevent Apple from issuing its personal upgrades and fixes for the battery firmware. Miller has also been involved with Apple and Texas units regarding the vulnerability.

up to date Mac and iOS blog stories
Steve Jobs Has No drawback Telling You What He Thinks
area Shuttle Atlantis in the course of the Lens of an iPhone four
'New' iPhone Reportedly Coming soon to China Telecom and China Unicom
Verizon Sees 2.3 Million iPhone Activations in 2Q 2011
Apple Updates Standalone Keyboards for OS X Lion

more: endured here

Leave a Reply