On March 24th, 2001, Apple shipped the first release of its next generation operating system called Mac OS X (Apple 7, p. 1). Version 10.0 was preceded by a Public Beta release on September 13, 2000 (Apple 4, p. 1). A discussion of the lineage of the operating system and a preliminary analysis of the security implications of the Public Beta has already been conducted (Crow, p.1). This report constitutes an evaluation of the out-of-the-box security of the shipping version of Mac OS X. The security features and vulnerabilities evaluated in this report form the foundation for most security aspects of the operating system and therefore should be considered essentials for anyone involved in maintaining a Mac OS X system. As of this writing, the current version of Mac OS X is 10.0.4 Build 4Q12 for most systems. This report will evaluate this particular version and build with the Web Sharing Update 1.0 installed (Apple 10, p. 1). It should be noted that there is also a server version of Mac OS X shipping called Mac OS X Server 10.0, which is based on the Mac OS X core. The server version has essentially kept sync with the general version with regard to security patches, updates, and version numbers. Virtually all of what is discussed in this report will apply to the server version. However, the issues detailed here are not all inclusive for the server product as there is much more functionality with security connotations contained in the server version than in the general release. In addition, Mac OS X 10.1 has been announced for release in September of this year (Apple 3, p.1) . However, no build of this version has been officially released to the public and therefore it will not be evaluated…

Download Mac OS X 10.0 Security Essentials.Pdf