Apple asks security researchers to dig into Mac OS X Lion

Apple has never had particularly warm relations with the computer security community, and has been frustratingly tight-lipped about the status of known problems and vulnerabilities in Mac OS X: sometimes Apple jumps right on top of security problems in Mac OS X, and sometimes they linger unpatched for months. However, the company may be trying to turn over a new leaf with its forthcoming Mac OS X Lion: it’s asking security researchers for feedback on the developer release of Mac OS X 10.7 “Lion”—and offering free copies if they aren’t in Apple’s developer program.

Several Mac security researchers have reported that they’ve been contacted by Apple about trying out the new Lion preview release. The releases come with a non-disclosure agreement that would prevent security researchers from publicly discussing any flaws or concerns they might find. Apple has said that it planned many under-the-hood improvements to improve security in Mac OS X Lion, although it has not been specific about its plans. Some Apple-watchers have expected Mac OS X 10.7 to include address space layout randomization—ASLR—which re-arranges key areas of memory in an unpredictable manner to reduce potential threats from buffer overflows and other vulnerabilities. Microsoft Windows has had full ASLR since the release of Windows Vista; Apple’s current OS, Mac OS X 10.6, implements partial ASLR.

Researchers who have confirmed receiving invitations to look at Lion include Dai Zovi and Charlie Miller, co-authors of The Mac Hacker’s Handbook. Miller is particularly well-known for being unimpressed with Mac OS X security, having won prizes in the last three Pwn2Own contests by exploiting holes in Apple’s Safari browser and Mac OS X—in one case, in less than 10 seconds. Miller also demonstrated an SMS processing vulnerability that potentially enabled attackers to completely take over the Apple iPhone, and even launch attacks on other phones.

Apple has said it intends to release Mac OS X 10.7 “Lion” to consumers this summer.

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…