Leopard Has Other Problems, Too

closeThis post was published 11 years 1 month 10 days ago. A number of changes have been made to the site since then, so please contact me if anything is broken or seems wrong.

Besides the stupidity of disabling the firewall by default and not updating included software, Apple’s Leopard upgrade even has holes in its security measures — an ironic concept by any other name. For example, the “Library Randomization” feature (similar to Windows Vista’s Address Space Load Randomization) is supposed to keep code from predictably loading in the same memory spaces, making buffer overflow attacks much more difficult, but some parts of the operating system that should have been randomized are still in predictable locations, most notably the Dynamic Link Library. One of the security researchers putting Leopard through its paces notes that he’s used that component in many exploits he’s written before.

Sandboxing, the other major security feature, is also incompletely implemented, with the normal attack targets (such as browsers, IM clients, and email programs) not being run in sandboxes. Sandboxing is supposed to keep hacked applications from writing malicious files to disk and from installing programs. Since the usual targets are not sandboxed, however, these vulnerabilities are still quite present. Most of the applications sandboxed were network services, but most attacks come through email, IM, or the Web, not from the local network.

dgw

I am an avid technology and software user, in addition to being reasonably well-versed in CSS, JavaScript, HTML, PHP, Python, and (though it still scares me) Perl. Aside from my technological tendencies, I am also a theatre technician, sound designer, violinist, singer, and actor.

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail (or subscribe without commenting)

Comments are subject to moderation, and are licensed for display in perpetuity once posted. Learn more.