HNS MAIN FEED
Tuesday, 16:37 EST
- OpenDNSSEC 1.0.0 released
- Microsoft releases giant patch collection
- 81% percent of e-mail links to malware
- Unaware of the dangers, most teens share personal info online
- Data harvested from Facebook used in boiler room scams
- A closer look at USB Secure 1.3.0
- Safety tips for online dating
- Researcher hacks security encryption chip found on millions of PCs
- Is authenticated XSS a problem?
- Online shopping safety: Consumers hold retailers responsible
- Seagate ships the Savvio 10K.4 hard drive
- Political hacktivism and the exploitation of tragedies is on the rise
Malware Evolution: Mac OS X Vulnerabilities 2005 - 2006
This article looks at vulnerabilities detected in MacOS X in the first half of 2006. It compares these vulnerabilities to those detected in the first half of 2005, providing an overview of the evolution of threats targeting this increasingly popular platform.
The Apple Macintosh is becoming more and more popular. However, recent reports on Mac security have caused extensive discussion among security professionals. Those who have expressed concern about the increasing number of vulnerabilities detected in Mac OS X have been accused of overreacting. The other side of the coin is that those who do not take this viewpoint are accused of being lacking in common sense. This article examines several aspects of the recent evolution of threats for Max OS X in order to help readers understand the ongoing debate, how secure Macs really are and how secure they will remain.
I believe that out-of-the box machines running under Mac OS X are more secure than those running under other platforms. The Mac OS X *nix-like security model is, by default, configured to protect the system against threats common to other platforms where this kind of security and configuration is not standard. It could well be said that from the start, Mac OS X was designed with security in mind. However, although this approach seems to leave far less security flaws that can be exploited, assuming that there are no security issues at all is quite dangerous. Like any other platform, Mac OS X has software flaws. Such flaws inevitably draw the attention of malicious users, especially if users don’t think they need to take action to protect against possible threats.
One interesting aspect of the vulnerabilities identified is the components in which they are present. The number of vulnerabilities identified in components where remote attacks are possible increased in comparison to the same period last year. This clearly demonstrates that possible attack vectors are receiving more and more attention.
Statistics
Figure 1: A comparison for the number of vulnerabilities in MacOS X and related products for the first half (January – May) of 2005, first half of 2006
For instance, the number of vulnerabilities identified in the operating system kernel and related components is less than in 2005. However, the number of vulnerabilities affecting Safari and the Mail application - which can be used to conduct an attack via the Internet - has increased. The same is true for QuickTime, which was a popular subject for security researchers during the first half of 2006.
1 | 2 | 3 | 4 | 5 | Next page >>
- A closer look at USB Secure 1.3.0
- Is authenticated XSS a problem?
- A closer look at File Encryption XP 1.5
- Corporations should follow the goverment's lead on attribution of cyberattacks
- IDS legacy is institutionalized failure
