
Apple asks security researchers to dig into Mac OS X Lion


Apple has never had particularly warm relations with the computer security community, and has been frustratingly tight-lipped about the status of known problems and vulnerabilities in Mac OS X: sometimes Apple jumps right on top of security problems in Mac OS X, and sometimes they linger unpatched for months. However, the company may be trying to turn over a new leaf with its forthcoming Mac OS X Lion: it’s asking security researchers for feedback on the developer release of Mac OS X 10.7 “Lion”—and offering free copies if they aren’t in Apple’s developer program.

Several Mac security researchers have reported that they’ve been contacted by Apple about trying out the new Lion preview release. The releases come with a non-disclosure agreement that would prevent security researchers from publicly discussing any flaws or concerns they might find. Apple has said that it planned many under-the-hood changes to improve security in Mac OS X Lion, although it has not been specific about its plans. Some Apple-watchers have expected Mac OS X 10.7 to include address space layout randomization—ASLR—which re-arranges key areas of memory in an unpredictable manner to reduce potential threats from buffer overflows and other vulnerabilities. Microsoft Windows has had full ASLR since the release of Windows Vista; Apple’s current OS, Mac OS X 10.6, implements partial ASLR.

Researchers who have confirmed receiving invitations to look at Lion include Dai Zovi and Charlie Miller, co-authors of The Mac Hacker’s Handbook. Miller is particularly well-known for being unimpressed with Mac OS X security, having won prizes in the last three Pwn2Own contests by exploiting holes in Apple’s Safari browser and Mac OS X—in one case, in less than 10 seconds. Miller also demonstrated an SMS processing vulnerability that potentially enabled attackers to completely take over the Apple iPhone, and even launch attacks on other phones.

Apple has said it intends to release Mac OS X 10.7 “Lion” to consumers this summer.


Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…