Researchers: Security 'holiday is over' for Mac users

The flurry of security issues involving Apple's Mac OS X over the past week once again hammers home the fact that no technology platform is invulnerable to attacks, whatever the perception might otherwise be, security analysts said.

All it takes is a certain level of interest on the part of hackers and security researchers to increase the threats associated with any platform, they said.

"All software has bugs, and a certain percentage of those bugs will be security vulnerabilties," said Ira Winkler, an independent security analyst and author of the book Spies Among Us.

And given enough of an installed base and interest in a technology, the likelihood of such vulnerabilties being discovered also increases significantly, said Pete Lindstrom, an analyst at Spire Security.

"In Apple's case, you can credit the media and all those folks who said the [OS X] platform was inherently secure" for drawing attention to it, Lindstrom said. Also playing a big part is the publicity surrounding Apple's recent decision to move to Intel's microprocessors, analysts said.

Collectively, four separate pieces of malware targeting Mac OS X have emerged since Feb. 13. The first one, known as Leap.A, was not fully functional and was limited in scope and impact, said Ken Dunham, director of the rapid response team at iDefense, a Versign. The second family of Mac OS X malware consisted of a similarly low-risk, proof-of-concept code, named Inqtana, and two variants that attempted to spread over a Bluetooth vulnerability in Mac OSX 10.3.9.

In addition, earlier this week a critical new -- and as yet unpatched -- vulnerability was discovered in Apple's Safari Web browser. The flaw, discovered by Michael Lehn, a graduate student at the University of Ulm in Germany, allows for arbitrary code to be executed on a user's system simply by visiting a malicious Web page.

Though none of the threats are considered especially serious, the emergence of such code is significant all the same for Apple users, Dunham said.

"It shows increased activity and viability for future Macintosh-based threats on the Mac OS X platform," Dunham said, pointing out that the last major Macintosh threat was the Autostart worm in 1998.

"As a result, many Macintosh users are more likely to be complacent toward computer security and therefore are more likely to be vulnerable to any future threats that emerge against the Macintosh operating system," he said.

"For some Mac users, this can be somewhat of a wake-up call," said Craig Schmuger, virus research manager at McAfee Inc. Going forward, Macintosh users can almost certainly expect to see an increase both in the number of vulnerabilities discovered in the technology and in code designed to exploit them, Schmuger said.

But it's important for Mac users to have the right perspective on the issue, said Vincent Weafer, senior director of security response at Symantec. "You are no more at risk than a week ago, but it is a good time to go back and take a look at your security practices," he said.

When it comes to vulnerabilities in its software, Apple has had its share. Over the past two years, for instance, Apple has issued about 58 advisories relating to vulnerabilities in its software, compared to 127 for Windows XP, Weafer said.

"What is hugely different, though, [when compared to Microsoft] is the number of attacks on the Windows side versus the Macintosh side," he said.

Currently there are more than 150,000 known attacks against Windows vulnerabilities compared to less than 100 on the Macintosh side, according to Schmuger. As a result, the threats faced by Windows users is much higher than that faced by Macintosh users.

Even so, all it takes is just a few serious exploits against Macintosh vulnerabilities to create major problems, Schmuger said.

"I'm not going to say Macintosh is as inherently buggy as Windows was about five years ago," Winkler said. "But the holiday is over" for Mac users.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?