Skip to main content

Hackers biting Apple

Hackers are increasingly focusing on Apple's Mac OS X, and the number of newly discovered vulnerabilities has surged. Such a switch could mean big implications for Apple's user base, which has traditionally not had to concern itself too much over security.

Image Hosted by ImageShack.us

It's been an impressively quiet year so far on the PC virus and worm front, and hackers seem to be focusing their attention elsewhere. One such area is Apple's Mac OS X. Once mostly ignored by malware developers, there appears to be a growing interest in this "alternative" OS.

Details
Have you noticed the dearth of serious PC virus and worm threats out there lately? Well, it isn't a figment of your imagination -- according to vnunet.com, viruses are no longer the top security threat.

While serious attacks are still likely to emerge, the bottom has apparently fallen out of the PC antivirus market -- just as Microsoft begins a big push into the security market. One cause of this drop-off is solidifying defenses, which have led vandals to focus more on IM and phishing attacks.

But another reason is the increase of hacker interest in Macintosh -- specifically, Apple's OS X, at least according to McAfee's AVERT Labs. Apple may have left 1984 behind, but it's facing a brave new world of threats.

McAfee reports that 76 Apple-directed viruses emerged between 1987 and the start of this year. That's certainly an excellent reason for Apple to run TV ads touting its superior security and a good reason for Apple users to be smug.

But that may all be about to change. The number of newly discovered Mac OS X vulnerabilities has surged by more than 220 percent (annualised) from 2003 to 2005. Compare that to an 80 percent increase in the number of Windows vulnerabilities.

Of course, McAfee is in the business of selling antivirus software, so it's important to take its reports with a grain of salt (as with any antivirus vendor). However, it should be obvious to anyone that OS X's growing popularity on Apple computers has helped boost the level of known vulnerabilities.

But just because an antivirus vendor reports the numbers doesn't mean they aren't true. For example, consider the company's March 2006 patch, which addressed an unprecedented 20 new vulnerabilities. According to McAfee, Apple's Mac OS X is just as vulnerable to attacks as the much more popular Windows platform.

One major concern is whether Apple is prepared to meet this increasing level of attention from malware developers. It took years for Microsoft to really come to grips with the mechanics of releasing warnings and patches in a halfway decent way, and the number of attack vectors caused a lot of the problem. Apple is facing a brave new world of its own, and it may not be ready for the volume of threats that are developing.

Another big concern is just how many Mac users install antivirus software and update it properly. While I certainly wouldn't blame most of them for ignoring the minor problems and avoiding the extra expense, this could easily add to the problem as attack vectors multiply and actual attacks increase exponentially.

To make an informed judgment on your own, I recommend reading this McAfee white paper PDF about the emerging OS X threat. An interesting chart on page four shows statistics on Apple vulnerabilities from Secunia, FrSIRT, and the National Vulnerability Database.

While the numbers are still small when compared to Windows, the trend is extremely worrying. For a summary of current Apple threats and patches, Secunia's Apple Macintosh OS X Vulnerability Report is easier to understand than any of the "official" Apple sites I know.

Recently, there's been a critical, unpatched remote denial of service and system access threat to Mac OS X. Secunia Advisory 19686 lists these CVE references for the unpatched vulnerabilities: CVE-2006-1983, CVE-2006-1985, CVE-2006-1982, CVE-2006-1984, CVE-2006-1986, CVE-2006-1987, and CVE-2006-1988. The same bulletin lists Tom Ferris as the source of the report and provides links to the original advisories. [ZDNetNews]

Labels:

Comments

Anonymous said…
What a great site, how do you build such a cool site, its excellent.
»
May 23, 2006 2:15 AM
Anonymous said…
This site is one of the best I have ever seen, wish I had one like this.
»
May 23, 2006 2:42 AM
Anonymous said…
Really amazing! Useful information. All the best.
»
May 23, 2006 5:54 AM
Anonymous said…
Interesting site. Useful information. Bookmarked.
»
May 23, 2006 5:54 AM
Anonymous said…
I really enjoyed looking at your site, I found it very helpful indeed, keep up the good work.
»
May 23, 2006 7:15 AM
Anonymous said…
Your site is on top of my favourites - Great work I like it.
»
May 23, 2006 9:25 PM
Post a Comment

Popular posts from this blog

US says world safer, despite 11,000 attacks in '05

The U.S. war on terrorism has made the world safer, the State Department's counterterrorism chief said on Friday, despite more than 11,000 terrorist attacks worldwide last year that killed 14,600 people. The U.S. State Department said the numbers, listed in its annual Country Reports on Terrorism released on Friday, were based on a broader definition of terrorism and could not be compared to the 3,129 international attacks listed the previous year. But the new 2005 figures, which showed attacks in Iraq jumped and accounted for about a third of the world's total, may fuel criticism of the Bush administration's assertion that it is winning the fight against terrorism. Asked if the world was safer than the previous year, U.S. State Department Counterterrorism Coordinator Henry Crumpton told a news conference, "I think so. But I think that (if) you look at the ups and downs of this battle, it's going to take us a long time to win this. You can't measure this month ...
Post a Comment
Read more

Web users to 'patrol' US border

A US state is to enlist web users in its fight against illegal immigration by offering live surveillance footage of the Mexican border on the internet. The plan will allow web users worldwide to watch Texas' border with Mexico and phone the authorities if they spot any apparently illegal crossings. Texas Governor Rick Perry said the cameras would focus on "hot-spots and common routes" used to enter the US. US lawmakers have been debating a divisive new illegal immigration bill. The Senate has approved a law that grants millions of illegal immigrants US citizenship and calls for the creation of a guest-worker programme, while beefing up border security. But in order to come into effect, the plan must be reconciled with tougher anti-immigration measures backed by the House of Representatives, that insist all illegal immigration should be criminalised. The issue has polarised politics and US society. Right-wing groups have protested against illegal immigrants, while ...
Post a Comment
Read more

Al-Qaeda number two in new video

Al-Qaeda's number two Ayman al-Zawahiri has appeared in a video saying that Iraqi insurgents have "broken the back" of the US military. He praised "martyrdom operations" carried out by al-Qaeda in Iraq in the video, posted on an Islamist website. And he called on the people and army of Pakistan to fight against President Musharraf's administration. This is the third message from prominent al-Qaeda leaders to emerge within a week. A tape from Osama Bin Laden was broadcast on 23 April, followed two days later by a message from Iraqi insurgent Abu Musab al-Zarqawi. Pakistan focus Zawahiri, who wore a black turban and a white robe in the video, described the leaders of Egypt, Jordan, Saudi Arabia and Iraq as traitors, and urged Muslims to "confront them". He praised Iraqi militants, saying that the US, Britain and allies had "achieved nothing but losses, disasters and misfortunes" in Iraq. "Al-Qaeda in Iraq alone has carried out 800 ma...
Post a Comment
Read more