Monday, June 23, 2008

Apple malware

Macs only seem safer that other OSes. In reality they are just as risky. Because of this, I pay attention to any report of Mac based malware and exploits. Last week two Mac security vendors (I didn’t know the market was large enough for one) announced that they had discovered malware in the wild that took advantage of a recently discovered flaw that allows the an Applescript to run as root because of the permissions of the Apple Desktop Agent. In the Windows world it is common to talk about a vulnerability going from PoC to malware in a few hours or days, but this is the first time I can think of it happening on a Mac. The Mac flaw was made public on Slashdot on June 18th and the Macscan advisory is on June 19th. You can come to two different conclusions and neither is good for Mac users.

1. You could conclude that malware authors are starting to pay more attention to Macs and quickly wrote malware to take advantage of the flaw. This means that as more vulnerabilities appear so will more malware. This is not good for a population of people that have been repeatedly told they do not have security problems.

2. You could conclude that this vulnerability is publicly known because the new Trojan uses it to install itself. This would mean that malware authors are finding and using 0day to spend their wares. This also is not good for a population of people that have been repeatedly told they do not have security problems.

Either way the Apple security problem is growing.

1 comment:

Unknown said...

"Either way the Apple security problem is growing."

OH, HONESTLY, DAVE - EXAGGERATING APPLE SECURITY PROBLEMS IS *SOOO* 2005!!!


GET.A.NEW.TRICK.