|
|
|
An anonymous security researcher has allegedly developed a worm for MacOS X.
We say 'allegedly' because said anonymous researcher is not releasing any sort of proof-of-concept or vulnerability details, or anything else to substantiate the claim. Instead, he (or she) is developing the worm for an anonymous benefactor whose intentions are unknown.
...pardon me while I go change my underwear.
19 Jul 2007
We all know what's going to happen here. Researcher gets his fifteen minutes of fame. A few weeks later, Apple patches the vulnerability. Meanwhile, no malware writer bothers to pick up the exploit code and the worm becomes little more than a reference used by by reporters the next time an attention-starved security researcher decides to "show the maccies."
So can we please stop with all this "see, Macs are vulnerable too" junk?
Operating systems have vulnerabilities, and vulnerabilities can be exploited. We get it. What we haven't seen yet is a malware author who has decided that it's worthwhile to develop malicious code for what would be an extremely visible attack that would only have the potential to affect 4% of personal computers worldwide when there are hundreds of millions of poorly-maintained PCs ripe for the picking. A looter doesn't walk across town to break into the TV repair shop when the windows have already been smashed at the Wal-Mart just down the street.
I know it's fun to get the fanboys all wound up, but the rest of us rational Mac users understand that OS X is not without its holes and we're no longer impressed by working PoC code. Most researchers savvy enough to find a critical vulnerability are also capable of writing an exploit. Heck, Dino Dai Zovi crafted his infamous $10,000 exploit in less time than it took to watch The Godfather.
So congratulations on finding the vulnerability, patching holes can only make OS X safer, but don't expect to cause some great Mac security awakening just because you went to extra mile to develop attack code as well.
