OS X Lion’s Release of the “Golden Master”

July 2011 deployment to GM1 or Golden Master developers of Apple’s operating system OS X Lion (technically, OS X 10.7).  Apple’s Lion release, critically hailed as the “Windows 7, plus, plus” of security.

Three main factors for Lion’s upgraded security are:
(1) its advanced ASLR (address space layout randomization); (2) its updated secure sandboxing; and (3) its full disk encryption system that bypasses interference with other OS features.

This ASLR now masterfully changes the memory location of critical system components in a way only rudimentarily achieved by Apple’s earlier Leopard system, making hacking far more difficult.

Lion’s new sandboxing severely restricts application interaction with the OS. For one, its Safari Web Content has separated the browser interface function from that which parses JavaScript, images, and like web content.

The full disk encryption system has been expanded from the user directory level to the block level, now permitting entire hard drive encryption. File Vault 2 further allows disk content encryption as Mac sleeps and CDs are no longer required to restore backup files. The new system interfaces with Mac’s T Machine feature for automatic disk content backup.