Mountain Lion: the changes that Apple has said little about

Apple Mountain Lion will sell by the end of the month. July 24 is the date that occurs most often in terms of its launch. If during the presentations, Apple insisted on ten features (Reminders, Notes, Messages, ... Notification Center), there are many small innovations on which it has little.

OS X Lion: Understanding the puzzle of sandboxing

With OS X Lion, Apple has introduced many new features for users, but also for developers. One of them is the sandboxing applications, mandatory term for distributed applications through the Mac App Store. What is sandboxing? What changes does it for users? And especially that he changes for developers?

A sandbox with walls twelve feet high

It is traditionally possible for an application to access all data and software and hardware functions available. This logic, which makes the operating system on the front of the stage, has allowed the development of many system utilities, drivers, and most advanced applications. In this case, an application is free to come and go on his playground, and to do what she wants.

Change of strategy

Overall, the whole approach of the Apple security that Charlie Miller and castigated early March, although he conceded being "somewhat responsive to bugs that has been providing it with:" Apple does not pay security researchers. Apple assumes that it has no security problem and did not need to work with researchers. "Worse, he said," Apple is certainly capable of producing a safe product, but do just not yet made the effort. "And, in fact, Apple may have changed his tune: he moreover subject - among others - pre-release version of Mac OS X Leo.

In addition, Apple has recently recruited several experts in computer security: David Rice, a former NSA, Ivan Krstic, former director of the OLPC, or Windows Snyder, who has contributed to strengthening the security of Firefox.

And he has this apparent convergence between Mac OS X iOS. Apple uses sandboxing widely within IOS, but not in Mac OS X, maybe it will evolve. ALSR arrived in IOS with version 4.3, its use may be extended with Leo. Code signing is also utilized to secure iOS. With the Mac App Store, it used to protect applications distributed through this, against piracy. But perhaps Apple plans to go further ...

Safari, a victim of his age?

But if there's one application that one might be tempted to apply this perspective, it's Safari. A French window all the more sensitive it is open to a world where hostility is not lacking. And then, Apple has fallen behind Google and its sensitive Chrome: it is fully designed to isolate processes from each other and HTML rendering extensions, is the concept of sandboxing, confinement in bins sand, literally.
Safari for Mac could give the impression to use the sandboxing for plug-ins like flash, but isolation is not complete - it is just there to prevent the component to crash the browser.

Mac OS X Lion could change somewhat the situation: a new process is associated with Safari, and it could be exclusively dedicated to rendering HTML, Safari Web Content (read: Safari 5.1: separate processes and WebGL). But it remains far from that Chrome isolates each tab in a dedicated process. And for Miller, Apple has "failed - or did not seek" to make regularly available for Safari updates made to its rendering engine, WebKit. As to better illustrate this assertion, Chrome has already enjoyed a patch for the vulnerability exploited in the last Pwn2Own to make him fall.