Critical Mac OS X flaws see rapid growth

updated 05:20 pm EDT, Mon May 1, 2006

SANS: OS X flaws growing


The SANS Institute today announced updates to the Top 20 Internet Security Vulnerabilities, listing rapid growth in critical vulnerabilities being discovered in Mac OS X, including a zero-day vulnerability. The update notes, however, that Mac OS X still remains safer than Windows. The Mac's reputation as a "bullet-proof alternative" to Windows is "in tatters," according to the SANS Institute. "As attackers are increasingly turning their attention to the platform, OS X vulnerabilities are being discovered at a rapid pace, which could erode this safety in the future." A security professional recently revealed several security vulnerabilities in various Mac OS X applications, reporting them to Apple's product security team. As yet those vulnerabilities remain unpatched, supporting critics of Apple's security policy who claim the company is slow to react to threats.


by MacNN Staff

Comments

  1. beeble

    Fresh-Faced Recruit

    Joined: Mar 2004

    0

    Applications

    "A security professional recently revealed several security vulnerabilities in various Mac OS X applications..."

    How about the OS? Safari isn't the OS and as yet there haven't been any flaws in it that are actually critical, just things that exploit stupidity on the part of a user. Mail isn't the OS. iPhoto or iTunes aren't the OS. When these companies say that OS X has gobs of security flaws and then start demonstrating applications, they lose credibility, not Apple. It's like the boy crying wolf. And one day someone is going to report a critical flaw that is actually in OSX and most people won't listen.

  1. JulesLt

    Fresh-Faced Recruit

    Joined: Jul 2005

    0

    'Critical'

    Critical should be restricted towards flaws that can affect ALL users regardless of their action - i.e. if a user can be affected by simply opening their mail (not attachment), or leaving their machine connected to the Internet.

    Any flaw that requires a user to surf to a 'specially crafted site' or manually open a payload is not critical. It's bad and should be fixed, but that immediately eliminates 95% of users from being affected.

  1. Cf

    Fresh-Faced Recruit

    Joined: Jan 2002

    0

    but......

    but it's enough to spook the average user and raise the index of suspicion in the future.

  1. porieux

    Baninated

    Joined: Mar 2001

    0

    nothing but FUD

    What a steaming pile of nonsense...

  1. fletcher

    Fresh-Faced Recruit

    Joined: Jul 2005

    0

    Growth in what?

    The article cited says there is a growth in the number of vulnerabilities being discovered in Mac OS X. Discovering, reporting, and ultimately fixing vulnerabilities is a great thing since every vulnerability which is fixed before it can be exploited helps to harden the system.

    However, the MacNN headline and the reporting around the Web makes it sound like there is a growth in exploits relying on Mac OS X vulnerabilities. I'm having a hard time finding concrete information at CERT, Symantec, etc. regarding any actual virus that is in the wild and propagating or widespread use of these potential exploits for nefarious purposes.

  1. Glenstorm

    Junior Member

    Joined: Dec 2000

    0

    Is SAN reliable?

    I noticed a similar article on CNN's tech page and apparently MSNBC was running this story also. I think it is an AP story. Anyhow, I question how biased SAN may be. They are a school for internet security. It would seem logical that the last thing they want is a platform that is secure and no longer needs their services. Similar to Symantec's insistence that Mac users need virus protection software. Anyone have any knowledge of SAN?

  1. technohedz

    Fresh-Faced Recruit

    Joined: Jul 2000

    0

    CNN story date

    Last night I looked at the CNN front page and saw the blurb about viruses hitting Macs. The content was something like 'this guy clicked a link in his browser and some code was run on his computer'. First, that wasn't a virus, that was a trojan. Second, if you read the entire article it shows that this happened in February. Automatically opening downloads? We went through this a long time ago. You can keep making 'proof of concept' applications to do this, but the fact is that this is a rehashed article with rehashed problems.

    It's like 'apple assured me these issues would be addressed in the next security update. Since that isn't out yet I'm going to tell the world'.

    Please. Fact checking would be good. The total number of flaws found grows, but the OS has been updated numerous times. There are new problems in the new applications and operating systems. Most of the problems in MS products have been found so NEW reports decrease. Isn't this a NORMAL security cycle? I won't live in ignorance, but a rise in threat list prioritized based on the number of issues found within a set period without respect for the release dates of the products or the cumulative total number of issues for each product is misleading at the least.

  1. MacGeek50

    Fresh-Faced Recruit

    Joined: Mar 2006

    0

    Sans Institute= Paid Fud

    The whole article was absent of content and the title makes fraudulent accusations with no merit. This has been happening on a huge scale since the first Intel Macs have been released.

    Now that Vista has been significantly delayed, the FUDsters are out in force because in the next 10 months or so Apple could pick up quite decent market share. Apple gets huge headlines for non-existent viruses and faked security tests and theoretical vulnerabilities while Windows barely gets headlines when millions of computers get hosed. It's ridiculous but MS has a lot of clout in the press.

  1. debohun

    Fresh-Faced Recruit

    Joined: Feb 1999

    0

    Conspiracy Theory...

    The SANS report appears to be credible to me, especially since I have been concerned for awhile now that Apple is rushing along so fast that things are getting overlooked. However, the other report circulating today, concerning a user who is claiming that his Mac was taken over after clicking a link in a web browser is of a much more suspicious nature. And, it is by far the more widely reported story. Apparently there is no skeptical media left out there. They seem to be willing to report on every single press release and wire story sent to them without doing any fact checking. It is more than suspicious to me that a supposedly massive security risk should suddenly emerge in the form of the Macintosh computing platform, just as Apple’s fortunes have turned, just as the Macintosh operating system is once again growing in market share following a decade of decline, and just at the very moment that corporations and governments are abandoning the Windows operating system due to security concerns. It seems quite a coincidence. But, as the character V observes in the recent popular film, “V for Vendetta,” there are no coincidences, only the illusion of coincidence. And, to break the illusion of coincidence all one needs to do is follow the money. It does not take too much skepticism to conclude that if Mac users are choosing not to purchase virus protection programs, and that if computer users are switching to Mac or Linux from Windows, that there are companies out there who are not too pleased with that turn of events. It is most likely only the illusion of coincidence that the very sudden plethora of news reports on Mac security issues has all the trademarks of a corporate PR campaign, including a consistent writing style that would get an A+ in a college PR class.

    It is disappointing that American journalists, if you can call them that [what an insult to giants like Mencken and Murrow] apparently have not the brainpower to see when they are being snowed, or to at least check into the facts they are being fed. For instance, it took me all of a minute to locate the subject of this article, Benjamin Daines, and to write him requesting details regarding the reported incident. He suspiciously refused to provide any details. Now, as a critical skeptic, I am not about to give credibility to someone who refuses to substantiate a claim, especially when I have not seen his resume or his record of deposits. For the time being, I will continue to manage Macs in exactly the same way that I have been managing them for 15 years. I am far more concerned about Apple's new hardware running Windows in Boot Camp, and about the state of critical thinking in America, than I am about native Mac security risks.

  1. jhorvatic

    Fresh-Faced Recruit

    Joined: Apr 2005

    0

    Tatters oh my! FUD!!!

    Yea, my OSX has seen 0 viruses, 0 spyware, it's in really bad shape, NOT!!!! SANS should go play in the sands cause they're full of it with these big warnings about absolutely nothing. Go play with yourselves in the Windows world where they really need the warnings.
