OS X botnet: disaster or speed bump?

Summary: The infection of more than 600,000 Macs by Flashback highlights the fact that all software contains bugs, even Apple's. But will this destroy OS X's reputation as a safe platform?


The technical details of this attack are only just beginning to emerge. Russian security vendor Dr.Web announced its discovery of the Flashback botnet just before analysts and the media took their Easter holidays.

What we do know is that the attackers exploited a vulnerability in Apple's version of the Java programming language that had been patched in Oracle's mainstream version back in February. Was Apple too slow to respond? What does this say about the reality of Apple's commitment to security — as opposed to the PR spin?

Microsoft learned about operating system security the hard way, and has made steady improvements to Windows over the last decade. Is it now Apple's turn to face an unpleasant truth?

In this post-Easter Tuesday edition of the Patch Monday podcast, we discuss these issues with Chris Gatford, director of penetration testing firm Hacklabs, and applications architect Benno Rice.

To leave an audio comment on the program, Skype to stilgherrian, or phone Sydney 02 8011 3733.

Running time: 25 minutes, 06 seconds

Topics: Apple, Microsoft, Security


Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust.

He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit trap, clear a jam in an IBM model 026 card punch and mix a mean whiskey sour.

  • In all fairness it's a Java hole, most users have Java disabled (I do). You also need to visit a compromised website in order to get infected which is not really a virus, it's more of a trojan.
    Apple were very quick with updates, can't say that about Microsoft.
    So apart from trying to bash Apple where are you trying to go with this?

    To recap: in order to get infected you have to visit an infected site and not have your updates up to date. How many websites have been infected? Is ZD infected?
    • Watch out, Apple fan boy troll alert!

      FYI Microsoft patched this hole in February, Apple only just released a patch in April.

      Microsoft were very quick with updates, can't say that about Apple.

      There I fixed it for you.
    • I get the feeling lavinius.petru didn't actually listen to the podcast. I must admit, I do get quite frustrated when people don't take the time to listen to an episode before commenting.

      I'll just note in passing that equating a discussion that might not cast Apple in a completely positive light with "bashing Apple" is a bit shallow and juvenile before pointing out — as we did in the podcast — that Apple had forked Java and the problematic distribution was Apple's own. Oracle patched this vulnerability in February and, as Jingles (thank you) points out, so did Microsoft.

      Apple's regular update at the beginning of April didn't patch the vulnerability, and Apple only patched it when news of the botnet broke — so quickly that they must've had that patch ready to roll but didn't protect users... why?

      Of course lavinius.petru would have known all this — and also "where we are going with this" had they listened to the podcast.
  • 25 minute podcast? Can we get a text transcript? I'm more than happy to read, but life's too short to spend 25 minutes on a podcast. :)
  • Wow!
    Apple just released security updates for Leopard, the first since Lion was released.
    Must be a real issue and more than a few devices impacted:

    Leopard Flashback Removal Security Update, http://support.apple.com/kb/DL1534

    Leopard Security Update 2012-003, http://support.apple.com/kb/DL1533