LAS VEGAS: Security firm iSec Partners has declared Apple's OS X Server platform unfit for secure business use owing to the possibility of targeted advanced persistent threat (APT) attacks on Mac systems.
ISec's Alex Stamos said that, while individual Mac systems could be secured, underlying vulnerabilities in the platform’s networking protocol make OS X Server networks easy to compromise.
"Run your Macs as little islands on a hostile network. Once you turn on the administrator stuff, once you install OS X Server, you are toast," he told attendees.
The problem lies in the way OS X networks handle authentication protocols. Researchers explained that the protocols could be harvested and cracked offline with 'brute force' methods.
ISec presented the results of a test in which an Apple network could be breached through a targeted attack on an end-user system. From there, researchers were able to run a local DNS attack to harvest credentials and obtain administrator access to a network and compromise all devices.
"It is just two notches above trivial to escalate your privileges to become an administrator on most Mac networks," said Stamos.
However, iSec praised Apple on advancements in many other areas, saying that, when stacked up with Windows 7 systems, OS Lion matches Microsoft in areas such as local privilege escalation and anti-exploit protection.
Despite recent high-profile outbreaks, Mac OS users have generally been far less prone to malware attacks than their Windows counterparts. But this may actually make Mac users more likely to fall for the targeted techniques used to gain a foothold in APT operations.
"Mac users have been trained to feel safe for a very long time, and Apple’s marketing isn't really helping," said iSec researcher Paul Youn.
"If Stuxnet has taught us anything it is that any system can be infected with malware."
Mark Zuckerberg mercilessly trolled by Harvard student newspaper after return to university he dropped out of 12 years ago
'Unauthorised user' blamed by Harvard for insulting Mark Zoinkerberg
Android under attack from 'Judy', Google Play Store malware that has infected up to 36.5 million users
Yet more Android malware discovered on the Google Play Store
Airport believes new system will be more reliable than GPS or Google Maps
OnePlus 3T canned to make way for imminent OnePlus 5 with Snapdragon 835, 8GB memory and dual camera
OnePlus 3T to be prematurely retired on 1 June - perhaps indicating plans for an imminent OnePlus 5 launch