Slashdot Mirror

← Back to Stories (view on slashdot.org)

Snow Leopard Missed a Security Opportunity

Posted by kdawson on from the where-did-you-put-it-what-you-know-where-do-you-think-oh dept.

CWmike writes "Apple missed a golden opportunity to lock down Snow Leopard when it again failed to implement fully a security technology that Microsoft perfected nearly three years ago in Windows Vista, noted Mac researcher Charlie Miller said today. Dubbed ASLR, for address space layout randomization, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus makes it harder for them to craft reliable exploits. 'Apple didn't change anything,' said Miller, of Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive 'Pwn2own' hacker contests. 'It's the exact same ASLR as in Leopard, which means it's not very good.'"

1 of 304 comments (clear)

  1. Re:Surely this is only of any use to a hacker if . by JasterBobaMereel · · Score: 1, Redundant

    If you can run code that you did not load then your system is broken, if it is at a random location then you should not have access to it, at all, ever

    ASLR is all very well but if it ever succeeds in stopping something it just proves the rest of your security is not working .... ...and most exploits *still* just ask a user to run a program, at which point all this is moot ....

    --
    Puteulanus fenestra mortis