Security experts not surprised the Mac was hacked
One calls Mac 'as vulnerable as most other operating systems'
Macworld - Security researcher Dino Dai Zovi sent a shudder through the Macintosh community late last week when he successfully hacked the Mac with an exploit that he sent to a friend attending the CanSecWest security conference. By gaining shell access to a Mac by pointing the Safari Web browser at a specially-constructed Web page, Dai Zovi won a $10,000 prize from 3Com’s Tipping Point division -- and took a lot of Mac users by surprise.
But if the news of a hacked Mac was alarming in some quarters, security experts say they aren’t the least bit shocked.
"Literally any piece of code is going to have vulnerabilities and the Mac is no exception," said Ray Wagner, Gartner’s managing vice president in the secure business enablement group.
Thomas Kristensen, chief technology officer of security-research firm Secunia, agreed. "Mac systems are as vulnerable as most other operating systems, so anyone with reasonable skills should be able to compromise them," he said.
Most Mac users see their operating system as being much more secure than Windows. That’s true to a certain extent. But much of the Mac’s immunity from malicious attacks can be attributed to hackers going for the more widely used operating system to grab the most attention.
"If a hacker turned their attention to the Mac, it would suffer just as much as Windows," Wagner said. "Attacking the 95 percent of the market gets them more attention."
According to research Wagner did in the last year, an operating system would need to hit the 20 to 30 percent penetration level before it really becomes a target for hackers. This is the point where hackers will feel it is worth the time to expose a vulnerability.
However, in light of last week’s proof-of-concept exploit, Mac users shouldn’t worry that hacks are going to start flooding the market. "Just because there has shown to be a hack, that doesn’t mean there will be all kinds of hacks showing up all of a sudden," Wagner said.
Dino Dai Zovi, the man that found the exploit, hopes for a safer operating system for all Mac users. "I hope the increased visibility due to the publicity surrounding this incident causes more people to search for and responsibly report vulnerabilities in the Mac to help make it a safer platform for everyone," he said.
Dai Zovi said he came up with the hack in about nine hours from the time he got the call from his friend Shane Macaulay, who was attending the CanSecWest conference.
"In this instance, breaking into the Mac was not particularly difficult," Dai Zovi said. "I got lucky and stumbled across a reliably exploitable vulnerability rather quickly. In many other times in the past, I have spent much longer looking without finding anything. It often comes down to luck and an intuition for where software weaknesses may lie."
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Partners in Mobile Device Management: AirWatch & CDW When it comes to Mobile Device Management, it's not just what you know. It's who you know. That's why CDW partners with industry...
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
- Redefine Your IT Operations: Remote Office IT Has Never Been Simpler Join us to see why PC Pro named Dell PowerEdge VRTX the "2013 Server of the Year." PowerEdge VRTX may be just what... All Operating Systems White Papers | Webcasts