Security Firms: “Mac OS X Invulnerability a Myth”


Sick Mac

With increasing reports of malware and software exploits, users of Apple computers must now face the realization that “Mac OS X Invulnerability is a myth,” according to internet security firm Kaspersky Lab, which held a press conference Thursday morning, as reported by Ars Technica. The Mac’s growing market share has made the platform a target for increasingly high-profile attacks, most recently and notoriously in the form of the Flashback trojan.

Kaspersky, which offers anti-virus software for OS X, did acknowledge Apple’s steps to increase the security of its operating system by migrating towards an optional iOS-like controlled environment in its forthcoming OS X 10.8 Mountain Lion release, but fears Apple’s efforts may not be enough. 

Mountain Lion’s Gatekeeper feature, which allows a user to restrict applications on their Mac to those obtained from the Mac App Store and/or those from certified Apple developers, will greatly increase the security of the OS X platform. However, Kaspersky still believes that future vulnerabilities will be discovered in Apple’s software and that a “cat and mouse” game between nefarious hackers and Apple security teams should be expected for the foreseeable future. 

A bit of good news came from Kaspersky’s press conference: the firm now states that only 30,000 Macs remain infected with the Flashback trojan, down from a high of over 600,000 at its peak.

Kaspersky Flashback Infections

In related news, anti-virus firm Trend Micro revealed (PDF) Tuesday that Apple software suffered more security vulnerabilities in the first three months of the year than that of any other company, with 91 reported vulnerabilities compared to only 43 for primary rival Microsoft.

Trend Micro Number of Vulnerabilities

Chart by The Mac Observer from Trend Micro data.

In a sign that Apple is not standing still on security issues (or that its software is highly vulnerable, depending on the perspective), Trend Micro’s report also revealed that Apple patched 83 bugs and security flaws in its Safari 5 web browser, a record number.

Teaser graphic via Shutterstock.

12 Comments

Lee Dronick

Yes, there is always a way in.

It is not a myth

The problem here is not OSX, but Java in the first case and Microsoft in the second, as the malware used vulnerabilities in these two apps. Another thing that the article fails to mention is that in both cases the user has to accept the installation of the malware.

Bill

If you ban all Adobe and Microsoft apps, as well as Java you would have little to worry about.

geoduck

1) Duh. Those of us that work with computers have been saying this all along. It’s why I’ve been running SophosAV for a while now.
2) As TINAM said, the difference is that these vulnerabilities require the user to approve installing something. Most of the Windows vulnerabilities I see don’t.
3) “anti-virus firm Trend Micro revealed (PDF) Tuesday that Apple software suffered more security vulnerabilities in the first three months of the year than that of any other company” I am very dubious of that statistic. It depends on what they consider “a vulnerability”. Is a single rollup patch counted as one or many? Are they counting the same patch for OS 10.7, 10.6, and 10.5 as separate vulnerabilities while a patch for Windows7/Vista/XP is counted as one? The devil is in the details.

webjprgm

Are they counting the same patch for OS 10.7, 10.6, and 10.5 as separate vulnerabilities while a patch for Windows7/Vista/XP is counted as one? The devil is in the details.

Ditto on request for more details.

Also on #2, that’s the most important part for me.  If there are 10 million Mac vulnerabilities but all of them ask me to install first, then Mac is safer for me.  What I’m watching out for is a case where malware can infect my system without user interaction.  That’s where things become vulnerable at a practical level for me, since I’m one of those self-proclaimed “smart” users. grin

Furthermore, Mountain Lion’s Gatekeeper will stop those user-must-install vulnerabilities (once the malware is known and the developer’s certificate is revoked).

Lancashire-Witch

once the malware is known and the developer’s certificate is revoked.

Hopefully that won’t take months.

furbies

Another thing that the article fails to mention is that in both cases the user has to accept the installation of the malware.

The later versions of FlashBack didn’t require user intervention.

geoduck

The later versions of FlashBack didn’t require user intervention.

I did not know that.
Very disturbing

furbies

I did not know that.
Very disturbing

Be afraid. Be very very afraid!

deejay

Done!

BurmaYank

Check out MacUpdate’s Promo for today (only):

VirusBarrier X6 10.6.15 for $19.99 (60% off, retail $49.95), only until midnight tonight!

But you might perhaps also find the comments of the reviewers there valuable before you decide to buy.

BurmaYank

“A bit of good news came from Kaspersky’s press conference: the firm now states that only 30,000 Macs remain infected with the Flashback trojan, down from a high of over 600,000 at its peak.”

Well, maybe not, according to AppleInsider:

  “In a status report released on Friday, the Russian security firm that first discovered the Flashback trojan disagrees with recent findings from Symantec and Kaspersky Labs, warning that the number of machines affected by the malware is not declining.
  Citing data from its own analysis of the largest Mac botnet to date, Dr. Web notes that around 650,000 computers are still affected, which is a stark contradiction to the 30,000 number provided by well-known security companies Symantec and Kaspersky.
  Analysts from the Russian firm researched the discrepancy and found that the raw data coming in from the larger companies’ servers were likely inaccurate due to Flashback’s use of complex domain name creation techniques and a unique TCP connection operation that effectively masks bots from command and control servers.
  “BackDoor.Flashback.39 uses a sophisticated routine to generate control server names: a larger part of the domain names is generated using parameters embedded in the malware resources, others are created using the current date. The Trojan sends consecutive queries to servers according to its pre-defined priorities.”
  When the malware was first discovered in early April, Dr. Web registered for the main domains used as Flashback command servers while other security firms most likely use “hijacked servers” that are in this case less reliable. The report explains that Flashback’s mode of operation allows its network of bots to go largely unnoticed by the hijacked servers which could be the reason for the precipitous drop reported this week that saw the number of affected machines fall from 140,000 to 30,000.
  ‘On April 16th additional domains whose names are generated using the current date were registered. Since these domain names are used by all BackDoor.Flashback.39 variants, registration of additional control server names has allowed to more accurately calculate the number of bots on the malicious network, which is indicated on the graph.’
  Dr. Web notes that the trojan sends requests to a server run by an unidentified third party, which in turn communicates with the bots but fails to close the TCP connection. This action is critical to researchers as it puts the bots in standby mode which means they do not communicate with other command servers monitored by information security specialists.”
