Apple Updates Mountain Lion Developer Preview With New Security Features

Apple has issued a new update for Mountain Lion Developer Preview 4 via the Mac App Store. It was first noticed by Twitter user @Lhunar and introduces the new Mountain Lion Security Update system.

The new system does daily checks for security updates as Apple ramps up its security protocols in the next-generation operating system. Earlier this month, it was noticed that Apple had changed the language on its OS X marketing pages following the Flashback malware attack earlier this year.

The new security system in Mountain Lion -- including Gatekeeper and other features -- appears to be a significant expansion of the XProtect system that Apple has used in the past to try to thwart OS X malware.

Securityupdate

OS X Security Update Test 1.0 -- Restart Required

This update tests the new Mountain Lion Security Updates system. The new system includes:

- Daily Checks for required security updates
- The ability to install required security updates automatically or after restarting your Mac
- A more secure connection to Apple's update servers.

This update includes general updates and improvements to Mountain Lion Developer Preview 4.

The update weighs in at 1.16GB and is available to developers with Mountain Lion DP4 installed via the Mac App Store.

Top Rated Comments

munkery Avatar
116 months ago
OS X NEVER was more secure than Windows - that's just a stupid myth.

1) Until Vista, the admin account in Windows did not implement DAC in a way to prevent malware by default. Also, Windows has a far greater number of privilege escalation vulnerabilities that allow bypassing DAC restrictions even if DAC is enabled in Windows.

Much of the ability to turn these vulnerabilities into exploits is due to the insecurity of the Windows registry. Also, more easily being able to link remote exploits to local privilege escalation exploits in Windows is due to the Windows registry.

Mac OS X does not use an exposed monolithic structure, such as the Windows registry, to store system settings. Also, exposed configuration files in OS X do not exert as much influence over associated processes as the registry does in Windows.

Mac OS X Snow Leopard has contained only 4 elevation of privilege vulnerabilities since it was released; obviously, none of these were used in malware. Lion has contained 2 so far but one of these vulnerabilities doesn't affect all account types because of being due to a permissions error rather than code vulnerability.

The following link shows the number of privilege escalation vulnerabilities in Windows 7 related to just win32k:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=win32k+7

More information about privilege escalation in Windows 7:

http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/ -> guide to develop exploits to bypass UAC by manipulating registry entries for kernel mode driver vulnerabilities.

https://media.blackhat.com/bh-dc-11/Mandt/BlackHat_DC_2011_Mandt_kernelpool-wp.pdf -> more complete documentation about Windows kernel exploitation.

http://mista.nu/research/mandt-win32k-paper.pdf -> more complete documentation about alternative methods to exploit the Windows kernel.

http://threatpost.com/en_us/blogs/tdl4-rootkit-now-using-stuxnet-bug-120710 -> article about the TDL-4 botnet which uses a UAC bypass exploit when infecting Windows 7.

2) Windows has the potential to have full ASLR but most software does not fully implement the feature. Most software in Windows has some DLLs (dynamic link libraries = Windows equivalent to dyld) which are not randomized.

http://secunia.com/gfx/pdf/DEP_ASLR_2010_paper.pdf -> article overviewing the issues with ASLR and DEP implementation in Windows.

Also, methods have been found to bypass ASLR in Windows 7.

http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf -> article describing bypassing ASLR in Windows 7.

Mac OS X has full ASLR implemented on par with Linux. This includes ASLR with position independent executables (PIE). DLLs in Windows have to be pre-mapped at fixed addresses to avoid conflicts so full PIE is not possible with ASLR in Windows.

Using Linux distros with similar runtime security mitigations as Lion for a model, client-side exploitation is incredibly difficult without some pre-established local access. Of course, this is self defeating if the goal of the exploitation is to achieve that local access in the first place.

See the paper linked below about bypassing the runtime security mitigations in Linux for more details.

http://www.blackhat.com/presentations/bh-europe-09/Fritsch/Blackhat-Europe-2009-Fritsch-Bypassing-aslr-slides.pdf

The author only manages to do so while already having local access to the OS.

3) Mac OS X Lion has DEP on stack and heap for both 64-bit and 32-bit processes. Third party software that is 32-bit may lack this feature until recompiled in Xcode 4 within Lion. Not much software for OS X is still 32-bit.

But, not all software in Windows uses DEP; this includes 64-bit software. See first article linked in #2.

4) Mac OS X implements canaries using ProPolice, the same mitigation used in Linux. ProPolice is considered the most thorough implementation of canaries. It is known to be much more effective than the similar system used in Windows.

http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-silberman/bh-us-04-silberman-paper.pdf -> article comparing ProPolice to stack canary implementation in Windows.

5) Application sandboxing and mandatory access controls (MAC) in OS X are the same thing. More specifically, applications are sandboxed in OS X via MAC. Mac OS X uses the TrustedBSD MAC framework, which is a derivative of MAC from SE-Linux. This system is mandatory because it does not rely on inherited permissions. Both mandatorily exposed services (mDNSresponder, netbios...) and many client-side apps (Safari, Preview, TextEdit…) are sandboxed in Lion.

Windows does not have MAC. The system that provides sandboxing in Windows, called mandatory integrity controls (MIC), does not function like MAC because it is not actually mandatory. MIC functions based on inherited permissions so it is essentially an extension of DAC (see #1). If UAC is set with less restrictions or disabled in Windows, then MIC has less restrictions or is disabled.

http://www.exploit-db.com/download_pdf/16031 -> article about Mac sandbox.

http://msdn.microsoft.com/en-us/library/bb648648(v=VS.85).aspx -> MS documentation about MIC.

https://media.blackhat.com/bh-eu-11/Tom_Keetch/BlackHat_EU_2011_Keetch_Sandboxes-Slides.pdf -> researchers have found the MIC in IE is not a security boundary.

6) In relation to DAC and interprocess sandboxing in OS X in comparison with some functionality of MIC in Windows 7 (see #5), the XNU kernel used in OS X has always had more secure interprocess communication (IPC) since the initial release of OS X.

Mac OS X, via being based on Mach and BSD (UNIX foundation), facilitates IPC using mach messages secured using port rights that implement a measure of access controls on that communication. These access controls applied to IPC make it more difficult to migrate injected code from one process to another.

Adding difficulty to transporting injected code across processes reduces the likelihood of linking remote exploits to local exploits to achieve system level access.

As of OS X Lion, the XPC service has also been added to implement MAC (see #5) on IPC in OS X. (http://developer.apple.com/library/mac/#documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingXPCServices.html)

7) Windows has far more public and/or unpatched vulnerabilities than OS X.

http://www.vupen.com/english/zerodays/ -> list of public 0days.

http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker -> another list of public 0days. (Most if not all of the Apple vulnerabilities in this list were patched in the latest Apple security update -> http://support.apple.com/kb/HT5002)

http://m.prnewswire.com/news-releases/qihoo-360-detects-oldest-vulnerability-in-microsoft-os-110606584.html -> article about 18 year old UAC bypass vulnerability.

8) Password handling in OS X is much more secure than Windows.

The default account created in Windows does not require a password. The protected storage API in Windows incorporates the users password into the encryption key for items located in protected storage. If no password is set, then the encryption algorithm used is not as strong. Also, no access controls are applied to items within protected storage.

In Mac OS X, the system prompts the user to define a password at setup. This password is incorporated into the encryption keys for items stored in keychain. Access controls are implemented for items within keychain.

Also, Mac OS X Lion uses a salted SHA512 hash, which is still considered cryptographically secure. It is more robust than the MD4 NTLMv2 hash used to store passwords in Windows 7.

http://www.windowsecurity.com/articles/How-Cracked-Windows-Password-Part1.html -> article about Windows password hashing.

9) The new runtime security mitigation improvements to be included in Windows 8 have already been defeated.

http://vulnfactory.org/blog/2011/09/21/defeating-windows-8-rop-mitigation/

To put this into perspective, methods to bypass the new runtime security mitigations in Mac OS X Lion are not yet available.

10)In regards to recent earlier version of Mac OS X:

The following article relates to varying levels of security mitigations in different Linux distros but it is applicable in revealing that the runtime security mitigations in some earlier versions of Mac OS X prior to Lion were far from inadequate.

http://www.blackhat.com/presentations/bh-europe-09/Fritsch/Blackhat-Europe-2009-Fritsch-Bypassing-aslr-slides.pdf

While Mac OS X Leopard/SL lack full ASLR, Windows Vista/7 have stack canaries (aka stack cookies) that are trivial to bypass.

The following link shows the issues with stack canaries in Windows. -> http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-silberman/bh-us-04-silberman-paper.pdf

So:

Windows Vista/7 = NX + ASLR
Mac OS X Leopard/SL = NX + stack cookies

These articles show that NX in combination with stack canaries is more difficult to bypass than a combination of NX and ASLR.

11) Mountain Lion only improves upon the security of Lion.

BTW, Safari on a Mac running Lion was not hacked at the last pwn2own.
Score: 17 Votes (Like | Disagree)
Comeagain? Avatar
116 months ago
Please stop saying "weighs in at".

Do you have weight issues? :p:D
Score: 16 Votes (Like | Disagree)
mbh Avatar
116 months ago
Do you have weight issues? :p:D

No, but that phrase is overused and nonsensical. It's about as hackneyed as "we reached out to X for a comment".

How about "The update is 1.2GB." and "We contacted X for a comment."
Score: 13 Votes (Like | Disagree)
cmChimera Avatar
116 months ago
This is awesome. What to do when your operating system is already way more secure than Windows? Double down on security. Props to Apple.
Score: 11 Votes (Like | Disagree)
cmChimera Avatar
116 months ago
to be honest, the OS hasnt been secure before AT ALL. no one just seemed to have bothered because OS X was barely a target to those virus dev idiots
I disagree that the OS wasn't relatively secure, and definitely better than Windows. It obviously wasn't perfect, but working with Windows and Mac OS X really showed me the difference in levels of security. I also don't really believe in the idea that Mac OS X has been safer from malware simply because no one cared to attack it.
Score: 10 Votes (Like | Disagree)
Alfred.Woodden Avatar
116 months ago
Good. I like that it installs security updates in the background, so we can focus on just using the Mac, and not those horrible "Security Update available. Download now" messages.
Score: 10 Votes (Like | Disagree)

Top Stories

prosser macbook air colors stacked

Images Reveal Colorful New MacBook Air Design

Tuesday May 11, 2021 5:06 am PDT by
Apple's next MacBook Air will feature a completely new design and come in a range of colors like the 24-inch iMac, according to leaker Jon Prosser, who has now released supposedly accurate renders of the new machines based on leaked images. In a new video uploaded to YouTube channel Front Page Tech, Prosser elaborated on his previous prediction that Apple's next-generation MacBook Air models ...
m1 ipad pro chip

M1 iPad Pro Over 50% Faster Than Previous Generation in Early Benchmarks

Tuesday May 11, 2021 11:56 am PDT by
Last month, Apple introduced a new iPad Pro with the same M1 chip found in the latest Macs, and early benchmark results indicate that the M1 iPad Pro is over 50% faster than the previous-generation iPad Pro. Based on five legitimate Geekbench 5 results (here's the fifth) for the fifth-generation 12.9-inch iPad Pro with the M1 chip, the device has average single-core and multi-core scores of...
iPhone 13 Camera Backs

iPhone 13 Models Will Be Slightly Thicker and Will Have Larger Camera Bumps

Monday May 10, 2021 10:41 am PDT by
Apple's upcoming iPhone 13 models will be slightly thicker than the iPhone 12 models and will also feature larger, thicker camera bumps with lenses that protrude less, according to iPhone 13 schematics seen by MacRumors. The new iPhone 13 and 13 Pro models are expected to feature a thickness of 7.57mm, up from 7.4mm in the iPhone 12 models. That's an increase of 0.17mm, which won't be hugely ...
apple park drone june 2018 2

Apple Fires Newly Hired Ex-Facebook Product Manager Following Revelations of Past Misogynistic Comments

Thursday May 13, 2021 12:10 am PDT by
Apple has fired Antonio García Martínez, an ex-Facebook product manager and author of the controversial book "Chaos Monkeys," following public and internal calls for removal and investigation due to past misogynistic statements, The Verge reports. Apple hired Martínez earlier this week to join its ads team, however, comments that Martínez made in the past sparked condemnation from users...
imac m1 blue isolated 16x9 500k

M1 iMac is Up to 56% Faster Than Prior-Generation High-End 21.5-Inch iMac

Wednesday May 12, 2021 10:03 am PDT by
Apple's M1 iMacs are set to start delivering to customers next week, and ahead of the official launch day, benchmarks for the machines have been showing up on Geekbench, likely from reviewers who are testing them. It will come as no surprise that M1 iMac benchmarks are right on par with benchmarks for the M1 MacBook Pro, MacBook Air, and Mac mini, coming in with an average single-core score...
iPad Pro Feature

Early M1 iPad Pro Orders Now Preparing to Ship

Tuesday May 11, 2021 9:41 am PDT by
Apple will soon ship out 11 and 12.9-inch M1 iPad Pro models, according to multiple Twitter users and MacRumors readers who have seen their orders shift to "Preparing to Ship" status. So far, we haven't seen any shipment notifications, but that's the next step and is likely to happen in the near future. Apple has not provided an exact delivery date to those who ordered a new M1 iPad Pro, but ...
fortnite apple logo 2

Judge in Epic vs. Apple Case Floats Potential Compromise

Wednesday May 12, 2021 3:54 pm PDT by
In the ongoing legal battle between Apple and Epic Games, the two companies are this week calling up their expert witnesses to argue their points before Judge Yvonne Gonzalez Rogers, who will make a decision in the case after a three week trial. Expert testimony is not as exciting as some of the leaked App Store documents that were highlighted last week, especially as much of what's being...
AirTag in Envelope Feature 2

AirTag Used to Successfully Track a Mailed Package Across the UK

Wednesday May 12, 2021 8:44 am PDT by
An Apple customer in the United Kingdom has successfully used Apple's Find My network to track an AirTag as it was being sent by mail to a friend in a completely different city. Outlined in a blog post at Intego, Kirk McElhearn said he taped an AirTag to a piece of card, wrapped it inside a small bubble envelope, and then sent it on its way. Kirk lives in the small town of...
maxresdefault

Video: Make Your iPhone Last Longer With These Battery Preserving Tips

Monday May 10, 2021 1:23 pm PDT by
Maximizing battery life is something that many iPhone users deal with on a regular basis as we all want our iPhones to last as long as possible. Sometimes there are bugs in iOS that make the battery drain faster, and sometimes we just need to eke out as much as possible on a long day out and about. Subscribe to the MacRumors YouTube channel for more videos. In our latest YouTube video, MacRumo...
macos big sur ios 14 iphone 12 pro macbook air icloud drive desktop documents hero

Apple Merging 'iCloud Documents and Data' Service With iCloud Drive in May 2022

Tuesday May 11, 2021 2:36 am PDT by
Apple plans to merge its iCloud Documents and Data service with iCloud Drive starting in May of 2022, according to a support document published late last week (via MacGeneration). iCloud Drive and iCloud Documents and Data share the fundamental ability to backup data from apps. However, iCloud Documents and Data was often a cumbersome, confusing experience. In contrast, iCloud Drive is more...