Mac OS X Not Impervious to Malware

There is no operating system that is impenetrable to security dangers especially if it is malware, so prove the latest security patches from Apple.

Apple Computers announced in its security update 2007-004 that its update released in late April 2007 deals with several security issues relating to Mac OS X and OS X Server systems.

The security update addresses 25 different vulnerabilities, which vary from denial-of-service attacks by remote attackers to common users with escalated privileges. These updates are mostly very serious in nature that requires appropriate examination and application as let by local patch reviewing and management policies.

Apple never reveals, discusses or confirms security issues without completing the testing while ensuring that the necessary fixes are ready for any new problem.

Security software vendor Sopho's senior technology consultant, Sean Richmond said the Mac vulnerabilities are a cause of worry for traders. Richmond suggests to Mac users that they should not be complacent. A number of Mac users tend to consider Macs as more secure and impervious to malware, he said.

According to Adriel Desautels, chief technology officer for security company Netragard, Apples are as secure as any other computer system, not anymore. In fact, Desautels said such a misconception poses insecurity to the particular system.

Some of the patches dealt with issues like attackers' ability to enhance their privileges while logging-in if not beat the network login.

In the bunch of 25 vulnerabilities, 14 enabled to execute arbitrary code. Some allowed escalation of privileges. And the two together could facilitate an attacker to gain access to the root or entire system. Zdnet published Richmond's comments, May 1, 2007.

Desautels, also founder of the research group at SNOSoft, told Zdnet Australia that he witnessed many instances of Mac OS X's compromise with reasons being either insecure services, use of insecure web applications, or weak configuration.

The most widely used medium of attack is the Web application, according to his first hand witness. The main purpose of the attack is to plant a bot on the system that distributed credit card data, Desautels added. Zdnet published this in news, May 1, 2007.

Related article: Mac OS X Devoid of Malware, Vexing Experts

» SPAMfighter News - 5/7/2007