Mac OS X Lion Brings Added Security and Privacy Features

Following yesterday's announcement of record quarterly revenue of $28.57 billion and record quarterly profit of $7.31 billion, Apple today launched Mac OS X Lion, the eighth major release of its operating system.

While OS X Lion flaunts more than 250 new features, we thought it would be appropriate to run through them and highlight some of the security and privacy related features that would be of interest to our security-minded audience.

Here are some of the security and privacy related features in Mac OS X Lion that stand out most:

Enhanced runtime protection - Apple has improved address space layout randomization (ASLR) for all applications and made it available for 32-bit apps (as are heap memory protections), making 64-bit and 32-bit applications more resistant to attack.

Application sandboxing - Sandboxing protects the system by limiting the kinds of operations an application can perform, such as opening documents or accessing the network. Sandboxing makes it more difficult for a security threat to take advantage of an issue in a specific application to affect the greater system.
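As an added illustration (not from the original article or from Apple): App Sandbox restrictions are declared as entitlements in an app's code signature, and the Python sketch below audits an entitlements plist to show which document and network operations an app has been granted. The sample plist and the `audit_entitlements` helper are constructed for this example; the entitlement keys are Apple's documented App Sandbox keys.

```python
import plistlib

# Constructed sample: entitlements as they might be dumped from a signed app
# (for instance with `codesign -d --entitlements :- <app>`). Not a real app.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.files.user-selected.read-write</key><true/>
  <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
  <array><string>/</string></array>
</dict></plist>"""

# App Sandbox entitlements covering the two operations the article names:
# opening documents and accessing the network.
CAPABILITIES = {
    "com.apple.security.network.client": "outbound network connections",
    "com.apple.security.network.server": "inbound network connections",
    "com.apple.security.files.user-selected.read-only": "read files the user picks",
    "com.apple.security.files.user-selected.read-write": "read/write files the user picks",
}
# Temporary exceptions punch holes in the sandbox and deserve review.
EXCEPTION_PREFIX = "com.apple.security.temporary-exception."


def audit_entitlements(plist_bytes):
    """Summarise what a sandboxed app is allowed to do.

    Returns a dict with: whether the sandbox is enabled at all, the
    document/network capabilities granted, and any temporary exceptions.
    """
    ent = plistlib.loads(plist_bytes)
    report = {
        "sandboxed": ent.get("com.apple.security.app-sandbox") is True,
        "granted": [],
        "exceptions": [],
    }
    for key, value in sorted(ent.items()):
        if key in CAPABILITIES and value is True:
            report["granted"].append(CAPABILITIES[key])
        elif key.startswith(EXCEPTION_PREFIX) and value:
            report["exceptions"].append(key[len(EXCEPTION_PREFIX):])
    return report


if __name__ == "__main__":
    for field, value in audit_entitlements(SAMPLE_ENTITLEMENTS).items():
        print(f"{field}: {value}")
```

An app with no `com.apple.security.app-sandbox` entitlement is reported as not sandboxed, which is the case to look for first when reviewing third-party software.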

Revamped FileVault Technology: FileVault 2 now provides Full Disk Encryption, Instant Wipe and External Drive Support: Built in (but not activated by default), FileVault now allows users to encrypt the entire drive on a Mac, helping to keep data more secure.

FileVault 2 uses XTS-AES 128 encryption to secure data. Apple optimized the initial disk encryption to be fast and nonintrusive. FileVault 2 quickly encrypts the entire drive live, so users can continue to work as it encrypts. It’s also designed to relinquish processor cycles to higher-priority user tasks like copying files or browsing.

With FileVault 2, an “instant wipe” feature removes the encryption key from the system instantaneously, making the data completely inaccessible. From there the Mac performs an entire wipe of the data from the disk.

Additionally, FileVault 2 now supports encryption of external USB and FireWire drives.

Apple ID authentication for file sharing - An Apple ID can now be used to log in to a remote Mac for file sharing. If others need to access a folder on a Mac, users don’t have to create separate user accounts and only need to add their Apple IDs to the list of authorized users, allowing them to log in with their credentials.

File Sharing Privacy - When users share a document — through email, iChat, or AirDrop, for instance — only the current version is sent; all other versions remain on the system. This should be obvious functionality and not really considered a feature!

Encrypted Backups - Time Machine backups can be more secure by backing up to an external USB or FireWire drive encrypted with FileVault 2.

Observe Only mode in Screen Sharing - A new “Observe Only” mode lets you watch a remote computer without controlling the mouse or trackpad movements so users don’t have to hand over full control of a system when collaborating on a project or demonstrating something to another user.

Removing all Web Site Data - Safari makes it simple to clear the information websites can use to track users online. In the Privacy pane, clicking “Remove All Website Data” causes Safari to remove cookies and Flash plug-in data, as well as information from databases, local storage, and the application cache. Data can also be cleared on a site-by-site basis.

Private AutoFill in Safari - Designed to help users fill out forms quickly while keeping personal information private. Safari keeps information private until users choose to send it by detecting web forms and presenting users with a drop-down field, letting them choose to use AutoFill to complete the form with information from the Address Book. This is a great feature, but will it be able to fight off carefully crafted XSS attacks?

Additional new features in Lion include the ability to bring apps back exactly how you left them when you restart your Mac or quit and relaunch an app, as well as a new Auto Save feature which automatically and continuously saves your documents as you work. A new “Versions” feature automatically records the history of documents as they are created, and gives users an easy way to browse, revert and even copy and paste from previous versions. OS X Lion also includes a new “AirDrop” feature that finds nearby Macs and automatically sets up a peer-to-peer wireless connection for easy file sharing.

Mac OS X Lion is available today as a 3.9GB download from the Mac App Store™ for $29.99. Apple said that users who do not have broadband access will be able to download Lion at Apple retail stores, and that in August Lion will be made available on a USB thumb drive through the Apple Store for $69. Lion requires an Intel-based Mac with a Core 2 Duo, i3, i5, i7 or Xeon processor and 2GB of RAM.
