Mac OS X on the exploit radar

updated 02:55 pm EDT, Wed June 6, 2007

OS X an exploit target

Analysts and security firms are increasingly recognizing Mac OS X as a potential target for exploits, though the actual threat thus far has been virtually non-existent. A security research company released a piece of exploit code targeting a port mapping vulnerability in Mac OS X less than 24 hours after Apple had released a patch for it -- a potential sign that interest in such vulnerabilities is higher than previously accounted for.

Rob Enderle, principal analyst for the Enderle Group, told eWeek: "It is very Microsoft. It's something we've grown to expect in Microsoft: The descriptions of patches lead people to write exploits for something that's been patched. It was only a matter of time before that kind of behavior hit [the Mac] platform. People are going after consumers, and they're going after consumers broadly."

One of the things analysts and some security researchers fault Apple for is the lack of a scheduled, regular patch process, as has been enacted by Microsoft in its "Patch Tuesday" mechanism, or Oracle's tri-monthly system. Still, Apple is noted for its responsiveness in patching problems as they arise, despite the lack of regularity.

Analysts also call for the implementation of ASLR (address space layout randomization) -- a technology designed to randomize where code and data are placed in memory, making the addresses an exploit depends on difficult to predict. Microsoft has implemented this functionality in Windows Vista, though some would argue it's not necessary in Mac OS X, and Vista's implementation is far from bulletproof.

by MacNN Staff



  1. Guest

    Joined: Dec 1969


    Rob Enderle as a source?

    Oh please...

  1. ricardogf

    Joined: Dec 1969



    ROB ENDERLE as a source in MacNN? Are you guys on crack again?

    Let the FUD games's just AMAZING. I am still waiting for the first virus in the wild to appear...even with more than 50 MILLION Mac users around the world...

    Please SHUT UP, are just Dvorak's disciple, nothing else.

  1. Deal

    Joined: Dec 1969


    How many times...

    How many times have we heard this? I'll believe it when I see it.

  1. UberFu

    Joined: Dec 1969


    what I like

    is how some "independent" security firm can ALWAYS find an exploit in OS X - left and right - and over and over again - but then a whole freakin' gathering of Hackers have to have the bar lowered in order to win a prize in a contest on exploiting OS X_

    [Rhetorical Question] So is that a financial situation - since "big firms" have bazillions of dollars to do this "research" and the independent hacker community - usually don't have enough cash to move out of mom's house ?


  1. UberFu

    Joined: Dec 1969


    one more thing... this day since I started using Macs [1984] I have only come across 2 cases of virus' personally_ When I ran a computer lab for 6 years and someone "ignorantly" did something stupid - twice_

    Other than that I deal with PC folk constantly who are always re-installing everything [software and systems] 'cause they keep catching s*** that the Virus Software Companies can't resolve_

    The only reason I've ever re-installed an OS is when there is a new OS or on the rare occasion when I've gone into the system and messed with stuff to learn about it and can't figure out how to undo it_

    Otherwise I've never used or installed Virus Protection Software on a mac in 23 years_

    And none of this "noise" around the internet fazes me in the least_

  1. FastAMX79

    Joined: Dec 1969


    oh boy!!

    Non-Stories are fun!!!!

    Wake me up when this happens in the wild... (not being smug.. just truthful.. i know OS X is NOT as tight as a dolphin's bung-hole, but stories like this are only good for one thing.. FUD.

  1. MacnTX

    Joined: Dec 1969



    I don't care what Enderle and his gang of FUD peddlers say, I'm not buying AV software for my Macs, and I'm sure as h*** not going to consider Vista...

  1. danviento

    Joined: Dec 1969



    they bother putting a 3rd rate 3rd party source because they know people will come and see what junk they have to say, if for no other reason than to refute such bogus claims. More eyes means more cash for ads on the site.

    If nothing else, you can bone up on what the trash-talkers would potentially throw down.

  1. lkrupp

    Joined: Dec 1969


    They do have a point...

    While I agree that most of this is FUD and Apple bashing, there is one point to make about this. Mac users are a tad on the smug side and there are probably a large number of unpatched OS X systems out there. The so-called troubleshooting site MacFixit mundanely gives out advice on how to uninstall security updates and replace kext extensions instead of advising people to fix their machines so the updates can be applied properly. On Apple's discussion boards you regularly see individuals refusing to apply a security update because they are afraid something will go wrong. They have been influenced by the constant ranting of know-nothing posters who allege all sorts of nasty problems to security and OS updates.

    I would guess there are many millions of unpatched OS X installations out there ripe for the picking if someone would take the time to attack them.

  1. hokizpokis

    Joined: Dec 1969


    potentialvirus'update NOT

    above posters be warned of the soon to be infamous 'macintosh potential virus' that the above article from that 'PC guru Rob Enderle' is well just 'bad apples' pun intended...

    Yup, just another excuse to pen an article on speculations and fluff; errr.. everyone deserves to eat right?? Except this guy, he don't know when to quit.

    He still doesn't understand why hackers haven't had macs for breakfast yet.

    The reason should be clear and painful to the entire world, but he knows better!!

    Yup, the superior software design otherwise known as OS X, is the trumpeted answer... and don't ever expect this dude to stop 'the sky from falling anyway routine', because where he computes from it's a dismal, dark, & dreary dungeon of mal-software designed from the start to allow all activities of repute to flourish with wild abandon!!

    sorry to point out the obvious... hey I forgive the starving writer types, it's not really their fault that their wives who pen children's books make more hoot than they do waiting for the sky to fall...

    dude get an iPhone and come over to the dark side, ha, ha, ha,

    (errr, blah, blah, blah)
