Study Finds Sharp Rise in Mac OS X Flaws
Computerworld - Just because you use a Mac, don't think you're any more secure than a Wintel user.
A sharp increase in the number of flaws discovered in Mac OS X suggests that the operating system from Apple Computer Inc. may soon be every bit as prone to malicious attacks as Windows, according to a report released last week by the SANS Institute, a Bethesda, Md.-based security training and research firm.
Mac OS X is still safer than Windows because its smaller installed base makes it a less attractive target for hackers. But the number of flaws discovered in OS X is leaving its reputation as a secure alternative to Windows "in tatters," according to the SANS semiannual update to its list of top Internet vulnerabilities.
"Users often feel invincible when they have their shiny silver-colored Apple and they are surfing the Web with it," said Ed Skodis, a director at SANS. But that may be a mistake, because "there's a significant amount of research going on for security vulnerabilities in the Mac OS," he noted.
About 52 vulnerabilities were discovered in Mac OS X in 2005, and 17 have been uncovered so far this year, said Amol Sarwate, manager of the vulnerability management lab at Qualys Inc., a Redwood Shores, Calif.-based security service provider that contributed to the study.
The number of vulnerabilities reported last year was more than double the 2004 total of 24 flaws, Sarwate said. At least a third of the flaws uncovered over the past year or so were considered critical, Sarwate said. Within the past few months, Apple's Safari Web browser has also faced its first attack targeted at an unpatched vulnerability.
Apple's increasing market share and its decision to use Intel Corp. chips have drawn increased hacker attention to OS X, Skodis said. Similarly, Apple's new Boot Camp, which allows Intel-based Macintoshes to run Windows XP, has also raised its risk profile, he added. Apple did not respond to requests for comment by press time.
The SANS study also showed that while the Firefox browser is still somewhat safer than Microsoft Corp.'s Internet Explorer, it's no panacea. According to SANS, over the past six months, users of Firefox and Mozilla have had to patch a number of critical vulnerabilities.
At the same time, there appears to be a significant decline in vulnerabilities being reported in Windows services. But that decline has been offset by a sharp increase in client-side flaws, Sarwate said.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- 4 Customers who never have to refresh their PCs again This paper illustrates a common theme: the combination of desktop virtualization and thin client computing helps organizations deliver an up-to-date user experience more...
- Mobile Devices: The New Thin Clients Get essential guidance for understanding the role thin clients plus virtual desktops play in the enterprise today.
- Taking Windows Mobile on Any Device Taking Windows applications mobile has many advantages, but the process of identifying a solution is complex. Learn how to solve this complex problem...
- PaaS - Powering a New Era of Business IT Why PaaS has suddenly become relevant and irresistible to many organizations. Dive into the opportunities and considerations associated with using PaaS from an...
- Redefine Your IT Operations: Remote Office IT Has Never Been Simpler Join us to see why PC Pro named Dell PowerEdge VRTX the "2013 Server of the Year." PowerEdge VRTX may be just what...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Hardware White Papers | Webcasts