OS X Lion Raises Bar on Security, But Battery Firmware Vulnerability Surfaces
The Register reports on some of the new security improvements in OS X Lion, with researchers calling the changes a "major overhaul" that goes far beyond the minor security tweaks Apple made going from Mac OS X Leopard to Snow Leopard.
"It's a significant improvement, and the best way that I've described the level of security in Lion is that it's Windows 7, plus, plus," said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker's Handbook. "I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too."
In particular, the report points to such features as full support for address space layout randomization (ASLR), application sandboxing, and a revamped FileVault encryption system as being key to Lion's improved security.
"When they went from Leopard to Snow Leopard, as far as I'm concerned, there really wasn't any change," said Charlie Miller, principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker's Handbook. "They might have said there was more security and it was better, but at a low functionality level there really wasn't any difference. Now, they've made significant changes and it's going to be harder to exploit."
Miller isn't only interested in operating system and core application vulnerabilities, however, as evidenced by his recent discovery of a vulnerability in the chips that control the batteries in Apple's notebooks. That vulnerability could be exploited on a basic level to harm battery function or with additional effort to implant malware that could reinfect computers multiple times.
The batteries' chips are shipped with default passwords, such that anyone who discovers that password and learns to control the chips' firmware can potentially hijack them to do anything the hacker wants. That includes permanently ruining batteries at will, and may enable nastier tricks like implanting them with hidden malware that infects the computer no matter how many times software is reinstalled or even potentially causing the batteries to heat up, catch fire or explode. "These batteries just aren't designed with the idea that people will mess with them," Miller says. "What I'm showing is that it's possible to use them to do something really bad."
Miller plans to officially announce his discoveries at next month's Black Hat conference, and he will also be releasing a new "Caulkgun" tool to allow Mac notebook users to change their batteries' default passwords to randomized strings. That move would help keep hackers out of the batteries, but also prevent Apple from issuing its own upgrades and fixes for the battery firmware. Miller has also been in touch with Apple and Texas Instruments regarding the vulnerability.
Popular Stories
Earlier this year, YouTuber Jon Prosser shared multiple videos showing off what he claimed to be re-created renderings of what was then presumed to be called iOS 19 and which was eventually unveiled by Apple as iOS 26 at WWDC in June.
In his first video back in January, Prosser showed off a Camera app redesign with a simpler set of buttons for moving between photo and video modes, and he...
Apple previously announced that a public beta of iOS 26 would be available in July, and now a more specific timeframe has surfaced.
Bloomberg's Mark Gurman today said that Apple's public betas should be released on or around Wednesday, July 23. In other words, expect the public betas of iOS 26, iPadOS 26, macOS 26, and more to be available at some point next week.
Apple will be releasing...
We may finally have a definitive list of all color options for the iPhone 17 series, ahead of the devices launching in September.
MacRumors concept
In a report for Macworld today, Filipe Espósito said he obtained an "internal document" that allegedly reveals all of the color options for the upcoming iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max models.
The report includes ...
We have just under two months to go until the debut of Apple's iPhone 17 models, and rumors have been ramping up in recent weeks. We went through everything we know so far, pulling out the most exciting rumors and highlighting some other changes that aren't going to be so great.
Top Tier
Ultra Thin iPhone 17 Air - The iPhone 17 Air is 2025's most exciting iPhone rumor, because it's the...
Apple's long-rumored foldable iPhone will likely have a starting price between $1,800 and $2,000 in the U.S., analysts at investment banking firm UBS said this week. If so, the foldable iPhone would cost more than a MacBook Pro, which starts at $1,599.
With a starting price of at least $1,800, the foldable iPhone would be the most expensive iPhone model ever released, topping the Pro Max at...
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are only two months away, and there are plenty of rumors about the devices.
Below, we recap key changes rumored for the iPhone 17 Pro models.
Latest Rumors
These rumors surfaced in June and July:A redesigned Dynamic Island: It has been rumored that all iPhone 17 models will have a redesigned Dynamic Island interface — it might ...
The long wait for an Apple Watch Ultra 3 is nearly over, and a handful of new features and changes have been rumored for the device.
Below, we recap what to expect from the Apple Watch Ultra 3:Satellite connectivity for sending and receiving text messages when Wi-Fi and cellular coverage is unavailable
5G support, up from LTE on the Apple Watch Ultra 2
Likely a wide-angle OLED display that ...
Apple today said its store at the Westfield Hornsby shopping mall, in Hornsby, Australia, will be permanently closing in October.
Apple Hornsby
In a statement shared with Australian tech news website EFTM (via Reddit), Apple said that it has decided not to renew its lease at Westfield Hornsby. Apple said all affected retail employees will be given the opportunity to work at Apple's nearby...