We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Macs now in firing line, says SANS

OS X far from bullet-proof

The SANS Institute warned of a steep increase in critical security holes in Apple Computer's Mac OS X operating system and in previously undiscovered "zero day" vulnerabilities in web browsers.

A booming cybercrime market is driving the growth in zero-day attacks, which are used against web browsers and enterprise applications by Oracle, Symantec and others to access sensitive data, SANS said.

After warning in November that hackers were turning their attention to security holes in applications, SANS again found that application attacks are on the rise, said Rohit Dhamankar, project manager for the SANS Top 20 and a lead security architect at TippingPoint, a division of 3Com.

In the last six months, malicious hackers have shifted from looking for holes in Windows Services, such as the LSASS (Local Security Authority Subsystem Service) hole that gave birth to the Sasser worm. That decline was offset by an increase in holes in client side software such as browsers, email clients, productivity tools and media players, he said.

"We haven't had vulnerabilities that lead to worms like Zotob or Sasser, but we have seen a large number of vulnerabilities in IE and other programs," Dhamankar said.

More than ever, software from Apple Computer is being targeted, Dhamankar said. "Its part of the shift to application (attacks). You've got zero-day (vulnerabilities) reported in Mac OS X and (Apple's) Safari browser. People can browse websites with a Mac and get infected," he said.

Mac OS X machines are still far safer from internet-based attacks than Microsoft Windows, but it's not bullet-proof, contrary to the beliefs of some of Apple's staunch supporters, Dhamankar said.

Often, flaws in file-format handling open the door to application hacks, as with the recent WMF (Windows Metafile) and Windows Address Book holes, Dhamankar said.

Media file formats for Apple QuickTime, Windows Media Player, and products from RealNetworks and Macromedia are also popular specimens for online criminals and malicious hackers, SANS said.

The volume of new holes is daunting. More than 100 such vulnerabilities, including cross site scripting and SQL injection flaws, might be discovered in a single week. The time between their discovery and their use in attacks is also diminishing, he said.

Enterprise applications such as networked backup services and Oracle databases continue to be hot targets, Dhamankar said.

"People are going for the data," Dhamankar said.

IDG UK Sites

Galaxy S6 UK release date, price, specs: When is the Samsung Galaxy S6 coming out? Galaxy S6 launch6......

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Interview: Lauren Currie aims to help design students bridge skills gap

IDG UK Sites

12in Retina MacBook Air release date rumours: new MacBook Air to have fingerprint ID, could launch...