Study Finds Sharp Rise in Mac OS X Flaws
Computerworld - Just because you use a Mac, don't think you're any more secure than a Wintel user.
A sharp increase in the number of flaws discovered in Mac OS X suggests that the operating system from Apple Computer Inc. may soon be every bit as prone to malicious attacks as Windows, according to a report released last week by the SANS Institute, a Bethesda, Md.-based security training and research firm.
Mac OS X is still safer than Windows because its smaller installed base makes it a less attractive target for hackers. But the number of flaws discovered in OS X is leaving its reputation as a secure alternative to Windows "in tatters," according to the SANS semiannual update to its list of top Internet vulnerabilities.
"Users often feel invincible when they have their shiny silver-colored Apple and they are surfing the Web with it," said Ed Skodis, a director at SANS. But that may be a mistake, because "there's a significant amount of research going on for security vulnerabilities in the Mac OS," he noted.
About 52 vulnerabilities were discovered in Mac OS X in 2005, and 17 have been uncovered so far this year, said Amol Sarwate, manager of the vulnerability management lab at Qualys Inc., a Redwood Shores, Calif.-based security service provider that contributed to the study.
The number of vulnerabilities reported last year was more than double the 2004 total of 24 flaws, Sarwate said. At least a third of the flaws uncovered over the past year or so were considered critical, Sarwate said. Within the past few months, Apple's Safari Web browser has also faced its first attack targeted at an unpatched vulnerability.
Apple's increasing market share and its decision to use Intel Corp. chips have drawn increased hacker attention to OS X, Skodis said. Similarly, Apple's new Boot Camp, which allows Intel-based Macintoshes to run Windows XP, has also raised its risk profile, he added. Apple did not respond to requests for comment by press time.
The SANS study also showed that while the Firefox browser is still somewhat safer than Microsoft Corp.'s Internet Explorer, it's no panacea. According to SANS, over the past six months, users of Firefox and Mozilla have had to patch a number of critical vulnerabilities.
At the same time, there appears to be a significant decline in vulnerabilities being reported in Windows services. But that decline has been offset by a sharp increase in client-side flaws, Sarwate said.
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- The Truth About Virtual Computing for CAD If you're a user of graphics-intensive software such as 3D modeling, simulation and analysis, and visualization, you might be skeptical about moving to...
- Simplifying Product Design In A Complex World Product design engineering has moved far beyond the confines of ever-more powerful workstations. Companies can't afford to restrict projects to using only local...
- A Reference Architecture for the Internet of Things The aim of this is to provide Architects and Developers of IoT projects with an effective starting point that covers the major requirements...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer... All Hardware White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!