Hackers are increasingly focusing on Apple's Mac OS X, and the number of newly discovered vulnerabilities has surged. Such a switch could mean big implications for Apple's user base, which has traditionally not had to concern itself too much over security.
It's been an impressively quiet year so far on the PC virus and worm front, and hackers seem to be focusing their attention elsewhere. One such area is Apple's Mac OS X. Once mostly ignored by malware developers, there appears to be a growing interest in this "alternative" OS.
Details
Have you noticed the dearth of serious PC virus and worm
threats out there lately? Well, it isn't a figment of your
imagination -- according to vnunet.com, viruses are no
longer the top security threat.
While serious attacks are still likely to emerge, the bottom has apparently fallen out of the PC antivirus market -- just as Microsoft begins a big push into the security market. One cause of this drop-off is solidifying defenses, which have led vandals to focus more on IM and phishing attacks.
But another reason is the increase of hacker interest in Macintosh -- specifically, Apple's OS X, at least according to McAfee's AVERT Labs. Apple may have left 1984 behind, but it's facing a brave new world of threats.
McAfee reports that 76 Apple-directed viruses emerged between 1987 and the start of this year. That's certainly an excellent reason for Apple to run TV ads touting its superior security and a good reason for Apple users to be smug.
But that may all be about to change. The number of newly discovered Mac OS X vulnerabilities has surged by more than 220 percent (annualised) from 2003 to 2005. Compare that to an 80 percent increase in the number of Windows vulnerabilities.
Of course, McAfee is in the business of selling antivirus software, so it's important to take its reports with a grain of salt (as with any antivirus vendor). However, it should be obvious to anyone that OS X's growing popularity on Apple computers has helped boost the level of known vulnerabilities.
But just because an antivirus vendor reports the numbers doesn't mean they aren't true. For example, consider the company's March 2006 patch, which addressed an unprecedented 20 new vulnerabilities. According to McAfee, Apple's Mac OS X is just as vulnerable to attacks as the much more popular Windows platform.
One major concern is whether Apple is prepared to meet this increasing level of attention from malware developers. It took years for Microsoft to really come to grips with the mechanics of releasing warnings and patches in a halfway decent way, and the number of attack vectors caused a lot of the problem. Apple is facing a brave new world of its own, and it may not be ready for the volume of threats that are developing.
Another big concern is just how many Mac users install antivirus software and update it properly. While I certainly wouldn't blame most of them for ignoring the minor problems and avoiding the extra expense, this could easily add to the problem as attack vectors multiply and actual attacks increase exponentially.
To make an informed judgment on your own, I recommend reading this McAfee white paper PDF about the emerging OS X threat. An interesting chart on page four shows statistics on Apple vulnerabilities from Secunia, FrSIRT, and the National Vulnerability Database.
While the numbers are still small when compared to Windows, the trend is extremely worrying. For a summary of current Apple threats and patches, Secunia's Apple Macintosh OS X Vulnerability Report is easier to understand than any of the "official" Apple sites I know.
Recently, there's been a critical, unpatched remote denial of service and system access threat to Mac OS X. Secunia Advisory 19686 lists these CVE references for the unpatched vulnerabilities: CVE-2006-1983, CVE-2006-1985, CVE-2006-1982, CVE-2006-1984, CVE-2006-1986, CVE-2006-1987, and CVE-2006-1988. The same bulletin lists Tom Ferris as the source of the report and provides links to the original advisories.
Applicability
The vulnerability definitely affects Macintosh OS X 10.4.6
and probably other versions as well.
Risk level
Secunia has rated this threat as highly critical.
Fix
Apple has not yet released a patch. Until one is available,
don't open compressed archives or images from untrusted sources, and avoid
visiting untrusted Web sites.
Final word
For years, I've been reminding people that the product with
the biggest market share always gets the most attention, and that's a major reason
for Windows' propensity to be a target. I've also said that UNIX -- and Apple in particular -- was
mostly safe because it was an obscure target.
However, this is no longer the case. It's time for security professionals to begin addressing the probable complacency among end users in graphics departments or elsewhere in the company, who have been largely ignoring security threats.
TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to firewalls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.
©2006 TechRepublic, Inc.
Not that old chestnut again.. Geeeze, when will you hacks stop using 'mainstream' IT media to push this meme... The poverty of viruses on OS X has very little with market share... In fact the ego driven psyche of a virus author makes OS X a BIGGER target because of the prestige of being the first... Do some research please...