The App Sandbox in OS X helps ensure that apps do only what they’re intended to do. App sandboxing isolates apps from the critical system components of your Mac, your data, and your other apps. Even if an app is compromised by malicious software, sandboxing automatically blocks it to keep your computer and your information safe. OS X delivers sandboxing protection in Safari by sandboxing the built-in PDF viewer and plug-ins such as Adobe Flash Player, Silverlight, QuickTime, and Oracle Java. And OS X sandboxes apps like the Mac App Store, Messages, Calendar, Contacts, Dictionary, Font Book, Photo Booth, Quick Look Previews, Notes, Reminders, Game Center, Mail, and FaceTime.
Runtime protections defend at the core.
The technically sophisticated runtime protections in OS X work at the very core of your Mac to help keep your system safe. Built right into the processor, the XD (execute disable) feature creates a strong wall between memory used for data and memory used for executable instructions. This protects against malware that attempts to trick the Mac into treating data the same way it treats a program in order to compromise your system. Address Space Layout Randomization (ASLR) changes the memory locations where different parts of an app are stored. This makes it difficult for an attacker to do harm by finding and reordering parts of an app to make it do something it wasn’t intended to do. OS X brings ASLR to the memory used by the kernel at the heart of the operating system, so the same defenses work at every level in your Mac.
More ways to keep your Mac safe.
While no system can be 100 percent immune from every threat, OS X lets you do even more to keep your information as safe as possible. You’ll find most of these additional security features in the Security & Privacy pane of System Preferences. Here are just a few of the things you can do:
- Turn on a firewall to prevent other machines from accessing services running on your Mac.
- Control access to your Mac by locking your screen after a period of inactivity.
- Set up secure file sharing.
- Securely delete outdated sensitive files with the Secure Empty Trash command.
- Use Password Assistant to create stronger passwords for local utilities like Users & Groups.
- Make sure you’re only running sharing services that you really need.