Month of Apple bugs planned

Researchers say they will publish an Apple bug a day in January, but the Mac faithful have leapt to the company's defence, citing its track record on security
Written by Graeme Wearden, Contributor

Apple's reputation for offering greater security than rival operating systems such as Windows will come under the spotlight in January.

Two individuals, independent security researcher Kevin Finisterre, and a hacker called LMH, say they plan to publish a previously unknown Apple vulnerability every day throughout January. The pair will be scouring Apple OS X and applications that run on top of it.

Finisterre has found a number of bugs in Apple's software in recent years. In early 2006 he wrote a proof-of-concept worm that spread between OS X machines via a Bluetooth vulnerability.

The "Month of Apple Bugs" was first reported on a Washington Post blog. In the posting, LMH claims that the initiative could help improve OS X security — which already has an impressive track record on security.

"Right now, many OS X users still think their system is bulletproof, and some people are interested on making it look that way," LMH said.

Supporters of Apple will typically react strongly to claims that the platform is becoming less secure, as some security vendors and researchers have claimed. Take-up of Macs is growing, partly due to the success of Apple's iPod, and the recent move to Intel chips could help the company grow its market share further. This, some claim, will inevitably make it a more tempting target for hackers — if they can find vulnerabilities to exploit.

Finisterre and LMH's plans have already sparked debate, both on the original Washington Post blog posting and around the internet. On the Washington Post site, Apple-user Ben commented that "there very well could be vulnerabilities in Mac OS X, but they are not real, they don't affect anyone... especially not in the way that millions of PC users' machines are crippled by exploits and spyware and essentially rendered useless because of a weak operating system."

Thor argued that while Apple users should take security seriously, the Mac platform offered greater security. "No reasonable user of any computer system, including Mac users, believes their system is bulletproof. Every system has flaws, and everyone needs to be cautious," wrote Thor. "It's just that, relatively speaking, there is very little in the way of real malware 'in the wild' that affects the Mac OS. This is due to a combination of the small market share of the Mac and its security architecture, as it is harder for malware to be installed without generating a prompt for administrative password."

Apple itself said that: ""Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users. We always welcome feedback on how to improve security on the Mac."

CNET News.com's Tom Krazit contributed to this report.

Editorial standards