Linked by Thom Holwerda on Thu 5th Mar 2009 23:02 UTC
Privacy, Security, Encryption With the infamous PWN2OWN contest drawing ever closer, the heat is ramping up. This year's instalment pitches Apple's Safari (on the Mac), Google's Chrome, Internet Explorer 8, and Firefox (all on Windows 7) against one another, while also allowing crackers to take on mobile platforms. Last year's winner, Charlie Miller, who won by cracking Mac OS X within minutes last year, says Safari on the Mac will be the first to fall.
Thread beginning with comment 351909
To read all comments associated with this story, please click here.
Address Space Randomization
by cristoper on Fri 6th Mar 2009 00:15 UTC
cristoper
Member since:
2009-02-15

[...]the fact that it runs on Mac OS X, which he states lacks several security features that Windows Vista and Windows 7 do have, such as address space randomisation

Darwin 9 (Mac OS X 10.5) added address space layout randomization in October 2007.
http://en.wikipedia.org/wiki/Darwin_(operating_system)#Releases

Reply Score: 4

RE: Address Space Randomization
by fxer on Fri 6th Mar 2009 00:24 in reply to "Address Space Randomization"
fxer Member since:
2005-08-06

From wikipedia:

"Apple introduced randomization of some library offsets in Mac OS X v10.5, presumably as a stepping stone to fully implementing ASLR at a later date. Their implementation does not provide complete protection against attacks which ASLR is designed to defeat."

Reply Parent Score: 6

RE: Address Space Randomization
by mono on Fri 6th Mar 2009 00:26 in reply to "Address Space Randomization"
mono Member since:
2005-10-19

[...]the fact that it runs on Mac OS X, which he states lacks several security features that Windows Vista and Windows 7 do have, such as address space randomisation

Darwin 9 (Mac OS X 10.5) added address space layout randomization in October 2007.
http://en.wikipedia.org/wiki/Darwin_(operating_system)#Releases



"Apple introduced randomization of some library offsets in Mac OS X v10.5, presumably as a stepping stone to fully implementing ASLR at a later date. Their implementation does not provide complete protection against attacks which ASLR is designed to defeat" from wikipedia

Reply Parent Score: 2

cristoper Member since:
2009-02-15

Ah. I guess that's the kind of thing I would know if I read the articles I link to in my comments.

Thanks, both of you, for pointing it out.

Reply Parent Score: 2