OS X Lion Raises Bar on Security, But Battery Firmware Vulnerability Surfaces
The Register reports on some of the new security improvements in OS X Lion, with researchers calling the changes a "major overhaul" that goes far beyond the minor security tweaks Apple made going from Mac OS X Leopard to Snow Leopard.
"It's a significant improvement, and the best way that I've described the level of security in Lion is that it's Windows 7, plus, plus," said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker's Handbook. "I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too."
In particular, the report points to such features as full support for address space layout randomization (ASLR), application sandboxing, and a revamped FileVault encryption system as being key to Lion's improved security.
"When they went from Leopard to Snow Leopard, as far as I'm concerned, there really wasn't any change," said Charlie Miller, principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker's Handbook. "They might have said there was more security and it was better, but at a low functionality level there really wasn't any difference. Now, they've made significant changes and it's going to be harder to exploit."
Miller isn't only interested in operating system and core application vulnerabilities, however, as evidenced by his recent discovery of a vulnerability in the chips that control the batteries in Apple's notebooks. That vulnerability could be exploited on a basic level to harm battery function or, with additional effort, to implant malware that could reinfect computers multiple times.
The batteries' chips are shipped with default passwords, such that anyone who discovers that password and learns to control the chips' firmware can potentially hijack them to do anything the hacker wants. That includes permanently ruining batteries at will, and may enable nastier tricks like implanting them with hidden malware that infects the computer no matter how many times software is reinstalled or even potentially causing the batteries to heat up, catch fire or explode. "These batteries just aren't designed with the idea that people will mess with them," Miller says. "What I'm showing is that it's possible to use them to do something really bad."
Miller plans to officially announce his discoveries at next month's Black Hat conference, and he will also be releasing a new "Caulkgun" tool to allow Mac notebook users to change their batteries' default passwords to randomized strings. That move would help keep hackers out of the batteries, but would also prevent Apple from issuing its own upgrades and fixes for the battery firmware. Miller has also been in touch with Apple and Texas Instruments regarding the vulnerability.