The website Heise.de apparently offers a demonstration of how an email is able to exploit the flaw.
The vulnerability report follows last week's story about two OS X 'worms' which made headlines around the world. After years of having no serious threats to the operating system, have hackers turned their hands to attacking Macs or is something else going on?
Despite widespread publicity, few articles pointed out that one of these so-called threats was a proof-of-concept worm produced to demonstrate a potential weakness in the way older versions of OS X handle Bluetooth wireless connections by default. Any user could change the settings to remove the potential threat, and Apple changed the defaults after the potential exploit was revealed. This isn't a new threat: the exploit is over a year old and was patched ages ago. Furthermore, it is not actually 'in the wild', i.e. malicious software actually found to be infecting users; it's just code produced to prove a point. In other words, there is no story!
Likewise with the so-called OS X virus. If it were true, it would perhaps be a big story, since no true viruses exist for OS X. However, this lab-produced trojan certainly isn't a virus, as it requires user intervention in order to perform its task. It was alleged that the worm would propagate via iChat instant messaging systems, but users would have to actively give permission for the program to run and provide their admin password for it to have any effect.
So how come these stories are doing the rounds? Two reasons spring to mind. Many, many Windows users have been abandoning the PC in favor of Macs. This has as much to do with the success of the iPod as it does with the Mac's inherently superior operating system and users being fed up with malicious infections under Windows. It could be that anti-virus software companies are seeking to cash in on a new market as ex-Windows users imagine they need protection similar to that required under their old buggy system.
However, another possibility springs to mind. Microsoft is losing out to Apple's OS X and other inherently more secure Unix-based operating systems such as GNU/Linux and BSD. Microsoft will soon be releasing a new version of Windows and is currently running a huge multi-million-dollar international advertising campaign to persuade people to buy the new version of its office suite. It certainly benefits Microsoft for people to imagine that OS X suffers from problems similar to those of Windows, so perhaps these stories are getting a little help.
Whatever is really behind the stories, the fact is that we are talking about a few potential but unrealistic risks compared to over 100,000 viruses and malware found on PCs running Windows. So it's probably a good idea to wonder why the media is making such a big deal out of it.
Comments
Thanks for the heads up
22.02.2006 00:42
For what it's worth, I tested two Macs running OS X 10.3.9 using the vulnerability check on http://secunia.com/mac_os_x_command_execution_vulnerability_test/
Neither machine exhibited the flaw. One was running Camino and the other Safari.
Simon
It's news because it's rare
22.02.2006 10:52
People also like to hear the mainstream media telling them they made the right decision: "Keep using Windows. Look, that other OS has got a vulnerability! It'll all end in tears if you try something different."
MS have such a huge marketing budget for astroturf news like that, and clueless journos love to repeat each other. It's cheap and easy.
But Apple would do exactly the same, if they were in Microsoft's dominant market position. Use a Free (as in Freedom) OS like Linux, if you want to be out from under the corporate thumb.
http://www.gnu.org/philosophy/free-sw.html
DF
It's not rare and not news...
23.02.2006 05:33
john