Updating to leopard

Vulnerabilities that corrupt program memory often rely on known addresses for these library routines, which allow injected code to launch processes or change files.Library randomization is presumably a stepping-stone to a more complete implementation of address space layout randomization at a later date.According to Apple, Leopard contains over 300 changes and enhancements over its predecessor, Mac OS X Tiger, covering core operating system components as well as included applications and developer tools.

The new firewall offers less control over individual packet decisions (users can decide to allow or deny connections system wide or to individual applications, but must use IPFW to set fine-grained TCP/IP header-level policies).

It also makes several policy exceptions for system processes: neither m DNSResponder nor programs running with superuser privileges are filtered.

Apple later clarified that a read-only version of ZFS would be included.

which randomizes the locations of some libraries in memory.

This reduces the number of user security prompts, and the likelihood of the user being trained to simply clicking "OK" to everything.

Security features in Leopard have been criticized as weak or ineffective, with the publisher Heise Security documenting that the Leopard installer downgraded firewall protection and exposed services to attack even when the firewall was re-enabled.

A common way is use of the program Leopard Assist, which is a bootloader similar in some respects to XPost Facto (used for installing earlier releases of Mac OS X on unsupported G3 and pre-G3 Macs) that uses the Mac’s Open Firmware to tell Leopard that the machine does have a CPU meeting the 867 MHz minimum requirement that the Installer checks for before installation is allowed to commence, when in reality the CPU is slower.

Currently, Leopard Assist only runs on slower G4s and many people have installed Leopard successfully on these older machines.

Leopard can run on the later flat-panel i Mac G4s, the i Mac G5, i Mac Intel Core Duo and i Mac Intel Core 2 Duo, Power Book G4, Power Mac G4, Power Mac G5, i Book G4, Mac Book, Mac Book Pro, Mac Book Air, Mac Pro, Mac Mini, Xserve, Xserve G5, Xserve RAID, Macintosh Server G4, and later e Mac models.

Leopard can run on older hardware as long as they have a G4 upgrade installed running at the 867 MHz or faster, have at least 9 GB free of hard drive space, 512 MB RAM and have a DVD drive.

Several researchers noted that the Library Randomization feature added to Leopard was ineffective compared to mature implementations on other platforms, and that the new "secure Guest account" could be abused by Guests to retain access to the system even after the Leopard log out process erased their home directory.

Tags: , ,