Kaspersky Lab identified 60 OS X security vulnerabilities in the first half of 2006
OS X security vulnerabilities on the rise
/v3-uk/news/2002585/os-x-security-vulnerabilities-rise
25 Jul 2006, Will Head , V3
The number of security vulnerabilities in Apple's OS X operating system has increased compared to last year.
A study by security firm Kaspersky Lab identified a total of 60 security vulnerabilities in the first half of 2006, compared to 51 during the same period in 2005.
Vulnerabilities affecting the core operating system had decreased, however, down from 38 last year to 24 this year.
Security problems affecting the Safari web browser, Mail application and Quicktime media player were responsible for the overall increase.
The increase in vulnerabilities in Safari and Mail could be used to launch attacks via the internet, the report warned.
The study also highlighted the emergence of the first Mac OS worm in February this year. Leap-A spread via the iChat instant messaging system disguising its self as a Jpeg image file.
A further three exploits were discovered during February and another six in April.
The research concluded that, while users of Apple's operating system are relatively safe from attacks, they must not become complacent.
"Apple's small share of the global personal computer market has protected Macs from the unwanted attention of malware authors," said the report.
"However, this will change as Apple systems become more popular. Once critical mass is reached, more malware will undoubtedly start to appear.
"History shows that once vulnerabilities are identified, malware writers are never far behind."
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
Oh get off of it
Please name one effective piece of malware that lives in the wild. This is just one more hunk of rubbish so typical in this day and age of journalistic misinformation. It is based on the same lies and distortion of fact that is used to get readers and not to report the actual facts. The credibility of the so called security firms who dream up this carp to sell worthless software and services along with the media who report it is zero.
Posted by thomcarl, 25 Jul 2006
FUD alert!
They should rename this site to appleFUDnet.com
Let's all chant the website song, all together now...
FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD! FUD!
Posted by BobAB, 25 Jul 2006
Yawn
"History shows that once vulnerabilities are identified, malware writers are never far behind."
History also shows, once a stupid story always a stupid story. This "news" has been cut and pasted so many times you guys should be embarrassed. How about something more definitive and really useful? Eventually people will start to associate these headlines for what they are, trolling for hits, and refuse to click on your site.
Posted by artMonster, 25 Jul 2006
I want one of these!!!
Where can I go to get one of these? I've been trying to find out how for OVER A YEAR NOW!!!!
I haven't had a good virus or trojan in 10 years.
And i've never had malware or spyware.
I feel so left out :(
Posted by Larry, 25 Jul 2006
Thanks for the info...
moving on.
Posted by Da Man, 25 Jul 2006
FUD
Fear, Uncertanty, and Doubt
its getting boring, guys.
Truth: Same amount of Mac malware as last year - ZERO
Posted by bob, 25 Jul 2006
They can't even do the math
By my count there were 64 CVEs for Mac OS X vulnerabilities this year. All of which have been addressed by Apple updates. Internet Explorer 6 alone has had 50 CVEs this year, six of which have not been patched.
There have been less than 20 malware reported for Mac OX since its release. Most of which are proof of concept. None of which are viruses, only worms (and not even true worms) and trojans.
With over 20 million Mac OS X users, the obscurity argument holds no water. Mac OS X is designed in a way as to be less susceptible to attack.
Stay vigilant but stop crying wolf.
Posted by Nauga, 25 Jul 2006
Get your definitions right.
Leap-A wasn't a worm, it was a TROJAN. It required active user participation to install. So there you go, the first OS X worm hasn't occurred yet.
Well done. Great reporting. Keep up the good work and stunning research.
/sarcasm
Posted by zippy, 25 Jul 2006
OMG..
Didn't we do this months ago!
Slow news day?
Posted by Jeffsters, 25 Jul 2006
More FUD... *sigh* it's getting so old...
It's amazing how many of you so-called "journalists" refuse to do a little research before blindly blabbing what someone told you...
Posted by Anonymous, 25 Jul 2006
vulnerabilities on the rise
Shouldn't the title be, vulnerabilities on the rise but exploits remain near zero?
Anything else smacks of FUD. But you knew that already. Here's hoping you get a lot of hits with your headline.
Posted by anonymous, 26 Jul 2006
End of apple
all these vulnerabilities,microsoft's Zune, and BuyMusic.com surly spell the end of Apple.
Posted by Visionary, 26 Jul 2006
Vulnerabilities yes, malware no
Yes, it may be that more vulnerabilities have been discovered. But no malware that is spread via the internet has ever been seen in the wild.
Posted by ershler, 26 Jul 2006
Hey new use for the graphic!
Glad to see you guys found a new use for the Apple/Worm graphic! But isn't this essentially the same article as the last one reporting these "never reported in the wild" proof-of-concept malware apps?
Anyway....slow news day I guess...
Posted by Jeffsters, 26 Jul 2006
Do you have nothing better to write about?
Seriously... do you a single person to be affected by malware on the Mac? I'll bet it will take a serious search to find a single soul.
Thanks for the FUD.
Posted by DWalla, 26 Jul 2006
Just gotta be careful
Like any OS, there will definitely be vulnerabilities. Just have to exercise caution.
Posted by Jack S, 26 Jul 2006
Watch Out
Watch out,
though i am a 100% mac user and beliver, i think we should not downplay the threat like some people have, think about the 1,000's of people that are using mac as a safe system and once one bad programs out 90,000,000 + are sure to folow. though there seems to be a low threat now we should wath out becouse if we as a mac using comunity continue to ignore the threat of mac- malware we will be the ones sufering when macs become as bad as (gasp!) pc's.
Posted by macomonsence, 26 Jul 2006
Discovered vs Real security problems
The number of dIscovered vulnerabilities does not mean anything. The real world vulnerabilities is what affects people.
Discovered vulnerabilities have to be exploited first. And from potential to read threat is a long way.
Mac users should not thisk they are absolutely safe, but Windows users should switch to Mac because OSX is far more secure.
Posted by Sasha S., 26 Jul 2006
Malware where??
And exactly where is this OS X malware?
Perhaps you are correct... Last year there was zero malware; this year, there is a hundred times more.
Posted by Mike, 26 Jul 2006
FUD
Kaspersky Labs is well-known for going for quantity instead of quality because they know that people, especially reporters, compare AVsofts by how many viruses are listed in their database.
Furthermore, the OS X worms that have come out aren't really worms. You have to interact with them to spread. , greatly limiting its effect.
Lastly, a default install of Mac OS X is really secure. It requires the user to fire up a browser, use ichat, or get out of their house to be discovered via a bluetooth device, to start to run any risks. Apple is fast to fix those as well.
All this being said, no one should be complacent in securing their computer (since that's the world we live in now), but spreading FUD is actually hurting these efforts.
*Warning: comment may contain inaccuracies that require the user to actually do some searching and reading for him/herself.*
Posted by SecurityMafia, 26 Jul 2006
Making News When There Is None
What do you call this type of journalism when you need to make things appear desperate when in reality there is nothing to fear. I have been runnng MacOS on several machines from day one. All of them on the internet. Where are all my scarey attacks?
Posted by Larry Blodgett, 26 Jul 2006
Yawn....
Yes. Any day now my Powerbook is going to be overrun with shite. Yawwwnnnn.. I'm off to bed. (Really, why do I waste my time with these articles.. hmm) Night all!
Posted by John C, 26 Jul 2006
OS vunerability?
Where are they ? I have heard that for months, years everytime OSX is gaining market shares.
For exemple when openssl has a vulnerability it's not a core problem because not designed by Apple.
The famous worm...Will have you ever used ichat? Serioulsy Mr HEad would you open an attachment received by an unknow person?
Posted by oliver smith, 27 Jul 2006