Sharp rise in Mac OS X flaws

[fuddam]

Taken from Digit:

http://www.digitmag.co.uk/news/index...il&NewsID=5742

>>>
Monday 08 May 2006 - 10:30

Just because you use a Mac, don't think you're any more secure than a Wintel user.

A sharp increase in the number of flaws discovered in Mac OS X suggests that the operating system from Apple Computer may soon be every bit as prone to malicious attacks as Windows, according to a report released last week by the SANS Institute, a Bethesda, Md.-based security training and research firm.

Mac OS X is still safer than Windows because its smaller installed base makes it a less attractive target for hackers. But the number of flaws discovered in OS X is leaving its reputation as a secure alternative to Windows "in tatters," according to the SANS semiannual update to its list of top Internet vulnerabilities.

"Users often feel invincible when they have their shiny silver-coloured Apple and they are surfing the Web with it," said Ed Skodis, a director at SANS. But that may be a mistake, because "there's a significant amount of research going on for security vulnerabilities in the Mac OS," he noted.

About 52 vulnerabilities were discovered in Mac OS X in 2005, and 17 have been uncovered so far this year, said Amol Sarwate, manager of the vulnerability management lab at Qualys, a Redwood Shores, Calif.-based security service provider that contributed to the study.

The number of vulnerabilities reported last year was more than double the 2004 total of 24 flaws, Sarwate said. At least a third of the flaws uncovered over the past year or so were considered critical, Sarwate said. Within the past few months, Apple's Safari Web browser has also faced its first attack targeted at an unpatched vulnerability.

Apple's increasing market share and its decision to use Intel chips have drawn increased hacker attention to OS X, Skodis said. Similarly, Apple's new Boot Camp, which allows Intel-based Macintoshes to run Windows XP, has also raised its risk profile, he added. Apple did not respond to requests for comment by press time.

The SANS study also showed that while the Firefox browser is still somewhat safer than Microsoft's Internet Explorer, it's no panacea. According to SANS, over the past six months, users of Firefox and Mozilla have had to patch a number of critical vulnerabilities.

At the same time, there appears to be a significant decline in vulnerabilities being reported in Windows services. But that decline has been offset by a sharp increase in client-side flaws, Sarwate said.
<<<

[Kumagoro]

I wonder if they are funded by MS.

[TheAnimus]

yes because anyone who finds secuirty bugs in apple products must be, because apple products aren't made by mortals.

apple has big problems, they've taken BSD and changed it. Maintaining that is a nightmare as any developer can imagine (everytime someone updates BSD, you've got to look at the changes u made to the part been updated, and subsiquent uses of that area).

Now their on x86 code, the classic proof of concept (aka script kiddie loving) code will work straight on the mac in most cases.

Their advertising campagin is just plain mis-leading, and gives people the idea that your more safe on an apple than you are on a PC running windows or FreeBSD say. yeh, like thats remotely true.

[fuddam]

Digit is massively PRO mac, if anything. Gets quite annoying sometimes, esp in the NLE world

[BroadbandPlacey]

gee woopy doo

52 'vulnerabilities'

anyone got the figure for the number on win XP and IE over the same period, id bet it's a hell of a lot more than 52

oh and i find this amusing, i use my mac, my bro uses his wintel,

guess who got a virus tonight by browsing a forum that had a virus embedded in the website due to a venerability in IE?

im a man of odds - and at the moment, the odds of me catching a virus/worm/tojan on my mac are very slim to exceptionally thin

try and slag of macs all day long - yes there are a few viruses out there, yes the os isnt as perfect as some people make out - but apples failings are nothing when compared to XP

[Kumagoro]

It wouldnt be the first time MS has bank rolled such groups. To think its not possible
is naive at best.

[TheAnimus]

riiiight, some of you might of seen my post about my excitment for the A9, this runs RISC OS, which has no real internal process security. As far as i know there are no 'vunrabilities', there are no viruses.

Is it safer than a windows box, no way!

Is an OS safer because it has fewer published vunrabilities, no. It doesn't work like that, after all you only need ONE.

the big problem is mac has never had a 'learning experiance' like blaster. Even enthusiasts know full well they need to patch windows on patch tuesdays. Mac fans have a zealot/stupid way of viewing security, deny it exists, claim that a report which cronicals flaw counts could be sponsered by malicous competitors (rather than companies who make names finding such things). Don't get arogant, i've been using windows NT on my home box since '98 now, not once had a virus. Had someone who i trusted gave me some code i ran as admin infect. But i don't know of any other infections. So whats most important is been clued up on computer science, now as most mac fans have spent their money on apple products they clearly seam to lack that.

[headbrace]

Yawn. Mac's are vulnerable. Everything is vulnerable, no-one is denying that. If they try to then they're idiots. However, as BroadbandPlacey said, it's often about the odds.

My 5 macs at home have never had a virus or succumbed to any other threat. But then my PC's haven't either. What does this tell us? Absouletely nothing, I'm just wasting forum space. Bt ut I would much rather use my mac than my PC when it comes to the possibility of these things.

For the record, I always found the guys at Digit to be pretty well balanced in their Mac/Windows focus and bias. Some are real Apple fans, others are great Windows devotees. To suggest that they are in some way funded by MS is stupid, uninformed and possible libelous.

[Kumagoro]

Didnt suggest Digit are, I'm talking about the group which did the study. Even then I'm not
saying they are. Just a bit of jokey sceptism and not believing everything I read.

[TheAnimus]

bit more info on the flaws:
http://www.theregister.co.uk/2006/05/15/apple_update/

nice major bug with a player installed on all apples.... thats safe.

[Spud1]

obviously there will be more flaws/bugs/holes found now...more people that use a piece of software/OS to more bugs that will be found. Windows is the dominant OS really these days, so obviously that will be the main target for crackers/virus writers.

OSX has been a small, niche market for years, only now they have started to snowball a bit with OSx86 they are getting more and more attention.