Study Finds Sharp Rise in Mac OS X Flaws
Computerworld - Just because you use a Mac, don't think you're any more secure than a Wintel user.
A sharp increase in the number of flaws discovered in Mac OS X suggests that the operating system from Apple Computer Inc. may soon be every bit as prone to malicious attacks as Windows, according to a report released last week by the SANS Institute, a Bethesda, Md.-based security training and research firm.
Mac OS X is still safer than Windows because its smaller installed base makes it a less attractive target for hackers. But the number of flaws discovered in OS X is leaving its reputation as a secure alternative to Windows "in tatters," according to the SANS semiannual update to its list of top Internet vulnerabilities.
"Users often feel invincible when they have their shiny silver-colored Apple and they are surfing the Web with it," said Ed Skodis, a director at SANS. But that may be a mistake, because "there's a significant amount of research going on for security vulnerabilities in the Mac OS," he noted.
About 52 vulnerabilities were discovered in Mac OS X in 2005, and 17 have been uncovered so far this year, said Amol Sarwate, manager of the vulnerability management lab at Qualys Inc., a Redwood Shores, Calif.-based security service provider that contributed to the study.
The number of vulnerabilities reported last year was more than double the 2004 total of 24 flaws, Sarwate said. At least a third of the flaws uncovered over the past year or so were considered critical, Sarwate said. Within the past few months, Apple's Safari Web browser has also faced its first attack targeted at an unpatched vulnerability.
Apple's increasing market share and its decision to use Intel Corp. chips have drawn increased hacker attention to OS X, Skodis said. Similarly, Apple's new Boot Camp, which allows Intel-based Macintoshes to run Windows XP, has also raised its risk profile, he added. Apple did not respond to requests for comment by press time.
The SANS study also showed that while the Firefox browser is still somewhat safer than Microsoft Corp.'s Internet Explorer, it's no panacea. According to SANS, over the past six months, users of Firefox and Mozilla have had to patch a number of critical vulnerabilities.
At the same time, there appears to be a significant decline in vulnerabilities being reported in Windows services. But that decline has been offset by a sharp increase in client-side flaws, Sarwate said.
Read more about Security in Computerworld's Security Topic Center.
- Accelerating Cloud Deployment and Operations with Managed Services Companies that do not have sufficient in-house expertise to either deploy or maintain an IaaS cloud should turn to Managed Service Providers .
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Simplifying Product Design In A Complex World Product design engineering has moved far beyond the confines of ever-more powerful workstations. Companies can't afford to restrict projects to using only local...
- A Reference Architecture for the Internet of Things The aim of this is to provide Architects and Developers of IoT projects with an effective starting point that covers the major requirements...
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Hardware White Papers | Webcasts