We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Security 'holiday' is over for Mac users

Analysts warn users to be vigilant

The flaws found in Apple's Mac OS X over the past few days hammer home the fact that no technology platform is invulnerable to attacks, according to security analysts.

All it takes is a certain level of interest on the part of hackers and security researchers to increase the threats associated with any platform, they have said.

"All software has bugs, and a certain percentage of those bugs will be security vulnerabilties," said Ira Winkler, an independent security analyst and author of the book Spies Among Us.

Given a sufficiently large installed base and a certain level of interest in a technology, the likelihood of such vulnerabilties being discovered also increases significantly, said Pete Lindstrom, analyst at Spire Security.

"In Apple's case, you can credit the media and all those folks who said the [OS X] platform was inherently secure [for drawing attention to it]," Lindstrom said. Also playing a big part is the publicity surrounding Apple's recent decision to move to Intel's microprocessors, analysts said.

Collectively, four separate pieces of malware targeting Mac OS X have emerged since 13 February. The first one, known as Leap.A, was not fully functional and was limited in scope and impact, according to Ken Dunham, director of the rapid response team at iDefense, a VeriSign company. The second family of Mac OS X malware consisted of a similarly low-risk, proof-of-concept code named Inqtana, and two variants that attempted to spread over a Bluetooth vulnerability in Mac OSX 10.3.9.

In addition, a critical, new and as yet unpatched vulnerability has been discovered in Apple's Safari web browser. The flaw, discovered by Michael Lehn, a graduate student at the University of Ulm in Germany, allows arbitrary code to be executed on a user's system simply by visiting a malicious web page.

Though none of the threats are considered especially serious, the emergence of such code is significant all the same for Apple users, Dunham said.

"It shows increased activity and viability for future Macintosh-based threats on the Mac OS X platform," Dunham said, pointing out that the last major Mac threat was the Autostart worm in 1998.

"As a result, many Macintosh users are more likely to be complacent toward computer security and therefore are more likely to be vulnerable to any future threats that emerge against the Macintosh operating system," he said.

"For some Mac users, this can be a wake-up call," said Craig Schmuger, virus research manager at McAfee. Macintosh users can almost certainly expect to see an increase both in the number of vulnerabilities discovered in the technology and in code designed to exploit them, Schmuger said.

But it's important for Mac users to have the right perspective on the issue, said Vincent Weafer, senior director of security response at Symantec. "You are no more at risk than a week ago, but it is a good time to go back and take a look at your security practices," he said.

When it comes to vulnerabilities in its software, Apple has had its share. Over the past two years, for instance, Apple has issued about 58 advisories relating to vulnerabilities in its software, compared with 127 for Windows XP, Weafer said.

"What is hugely different, though, [when compared to Microsoft] is the number of attacks on the Windows side versus the Macintosh side," he said.

Currently there are more than 150,000 known attacks against Windows vulnerabilities compared with fewer than 100 on the Macintosh side, according to Schmuger. As a result, the threats faced by Windows users is much greater than that faced by Macintosh users.

"I'm not going to say Macintosh is as inherently buggy as Windows was about five years ago," Winkler said. "But the holiday is over."


IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

Tomorrow's World today (or next year)

IDG UK Sites

See how Trunk's animated ad helped Ade Edmondson plug The Car Buying Service

IDG UK Sites

Yosemite tips: Complete Guide to OS X Yosemite