Apple Computers Not As Secure As You Might Think
Alright, Apple fans, it’s time to face the truth: Your Macs aren’t as safe as you might think.
Apple led all major technology vendors in reported vulnerabilities in its operating system and software during the first three months of 2012, according to a report released Tuesday by Trend Micro.
I have worked in the computer security field for over 7 years and have always been concerned about the false sense of security Apple pushes to die-hard fans. Back in March 2006, Brian Krebs, then a security researcher and writer for the Washington Post, wrote a story about the thankless jobs of botnet researchers (Bringing Botnets Out of the Shadows). In the article, Krebs talks about the efforts of Shadowserver.org, which was founded by my old friend, Nicholas Albright. I showed Nicholas how I researched botnets and he went on to create one of the most valuable and helpful computer security organizations in existence. I joined them for a short time but quickly burned out and went on to other things.
In the article, Krebs mentioned a botnet that I was working on, which consisted of only Linux and Mac OS X systems. Just the mention of Mac systems being compromised and being part of a botnet sent the Apple fan-base into an uproar. Apple has a fairly arrogant view on security when it comes to their products. They always pushed a false sense of security to their consumers, even going as far as to imply their operating system was immune to viruses.
Hello, Flashback Trojan!
Oracle, the company that develops Java, fixed the vulnerability exploited to install Flashback on February 14, 2012. However, Apple maintains the Mac OS X version of Java and did not release an update containing the fix until April 3, 2012, after the flaw had already been exploited to install Flashback on 600,000 Macs.
Once the malware is installed, the Trojan steals passwords and banking info from Safari.
Apple’s slow response in addressing a vulnerability that was being actively exploited put users at risk of having their personal and private data exposed. Apple released a Java update that fixed the vulnerability and removed the Flashback Trojan on April 3rd, 2012. However, they are not releasing fixes for Mac OS X 10.5 and older. There is a bit of irony here. The version of Mac that was current at the time Krebs published “When Macs Attack”, which generated all the outrage from the Apple fan club, was OS X 10.4, which is now vulnerable to attack until the end of time.
It seems that Apple is far behind Microsoft when it comes to addressing security vulnerabilities. Hopefully they will catch up soon.
If you were infected by the Flashback Trojan, please make sure to watch your bank account and credit report closely.