WASHINGTON DC: Common vulnerabilities between operating systems exposed by flaws such as Shellshock will increasingly be used by hackers to breach enterprise systems.
FireEye CTO Dave Merkel made the claim during an interview with V3, claiming that common code and services used between operating systems mean there will always be exploitable flaws in enterprise systems.
"The bottom line is it doesn't matter if you're talking about an Apple product, a Windows product, a Linux product or any operating system," he said.
"If you've got a computing device with software on it, it's got vulnerabilities on it. Someone, somewhere will find them and exploit them. I don't care how good you think you are, it'll happen.
"Shellshock is a fine example of this. It's a flaw that can exploit every platform, be it Windows, Mac or even Android smart watches.
"Flaws like this may not always be remotely exploitable, but there will always be vulnerabilities with the potential for exploitation."
Shellshock is a flaw in the Bash code used by Unix and Unix-like systems that was uncovered in September.
The widespread use of Bash has led to concerns that it could be exploited to hack everything from desktop PCs to the SCADA systems powering critical infrastructure.
FireEye CEO David Dewalt mirrored Merkel's argument, revealing that the firm has already seen evidence of hackers creating new attack models capable of compromising machines regardless of ecosystem.
"When you look at the Apple and Microsoft stack, the first thing you realise is most of the tech is similar," he said.
"The types of platform for office productivity browsers are similar to that of Windows, so the tools and techniques are similar. The hackers are looking and asking 'can we compromise the browser?' or 'can we compromise the Adobe stack?'.
"The truth is the stacks are similar and the hackers are hitting it in the same way. The threat of malware between the two is exponential and we're seeing a similar attack model emerge."
Dewalt said that the increased focus on Apple, which refuses to discuss security matters before they are fixed and has traditionally been believed to be at lower risk than most operating systems, is due to the firm's recent success in the enterprise.
"Apple has proliferated into enterprise, to critical systems. Attackers go where the action and the money is. Today that's Apple," he explained.
Merkel said he expects to see further cross-platform vulnerabilities in the near future, warning that the firm has already seen an dramatic increase in cyber attack levels.
"Technology and the internet is a great thing for sharing and collaboration. But the risk entailed with it is something like Shellshock or Heartbleed. The amount of scrutiny around shared code is just beginning and interest is on the rise. This means we are going to find more stuff," he said.
"For every cyber attack headline you see there's 10 times, 50 times you don't hear about. We're talking significant attacks like IP theft. Destructive attacks."
The two FireEye chiefs' comments come just after the firm extended support for a number of its security services to Apple Mac OS X.
FireEye claims that the expansion makes it the first vendor to offer complete security tools for Microsoft, Apple and Google platforms to protect against APTs and zero-day targeted attacks.
Scientists believe there could be other hydrides or superhydrides with super conducting properties
Resetting the telemetry circuits and associated boards brought the instrument back to operations mode
Fortnite news and updates: Flaw in Fortnite authentication could have helped attackers steal player login credentials
Attackers could have used Fortnite security flaw to buy in-game currency on players' stored credit cards
New photos show cotton seeds sprouting in sealed container - with other plants expected to sprout within days