Mac OS X in hackers' crosshairs, report says
In its seventh biannual Internet Security Threat Report, Symantec said over the past year, security researchers had discovered at least 37 serious vulnerabilities in the Mac OS X system. The company said that as Apple increases its market share with new low-cost products such as the Mac Mini, its user base is likely to come under increasing attack.
"Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code," the Symantec report stated. "Out of the public eye for some time, it is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix-based operating systems."
In the report, Symantec also said that Apple Computer had become a target for new attacks and pointed to the appearance of "a rootkit109 called Opener" in October 2004 as an illustration of the growth in vulnerability research on the OS X platform.
"The various OS X vulnerabilities allow attackers to carry out information disclosure, authentication bypass, code execution, privilege escalation and (denial-of-service) attacks," the report said. "Symantec believes that as the popularity of Apple’s new platform continues to grow, so too will the number of attacks directed at it."
On Monday, Apple released patches for flaws in its operating system. The company could not be immediately reached for comment.
Symantec sells a range of security products designed to protect Macs, and the report, by stressing the threat to Apple systems, could encourage Mac owners to bolster their defenses.
But Symantec's concerns were echoed by James Turner, a security analyst at Frost & Sullivan Australia, who said many of the people who bought Apple products were not concerned about security, which left them wide open to attack.
"The iPod, PowerBooks and mini Macs are cool products," Turner said. "The byproduct is that people are buying these products for form over function. They say it looks pretty, and then buy it, but don't secure it. As Apple increases its market share, it will be a legitimate target."
Adam Biviano, a senior systems engineer at security software company Trend Micro, said all complex operating systems had security flaws and the more popular the platform, the more likely it would be attacked.
"All sophisticated platforms--Mac, Linux, Solaris or anything else--will have vulnerabilities," Biviano said. "The only reason Windows has had mass exploits written for it is the sheer number of connected devices that are present on most networks. As soon as you start seeing mass deployment of any technology, you are going to see exploits."
While there have not been any mass outbreaks of viruses targeting the Mac, the potential does exist, Biviano said
"You don't see Macintosh viruses in mass outbreaks, but you do see them in the labs as proof of concepts," he said "There aren't any outbreaks because there are simply are not enough (Macs) out there. For a virus to be successful, it needs a combination of an exploit and a large target audience."
Biviano noted that among cell phones, writers target the most popular operating system, not Microsoft's platform.
"Look at where mobile viruses are going, and they are not targeting Microsoft--they are targeting the market leader, which is Symbian," he said.