WASHINGTON DC: Common vulnerabilities between operating systems exposed by flaws such as Shellshock will increasingly be used by hackers to breach enterprise systems.
FireEye CTO Dave Merkel made the claim during an interview with V3, claiming that common code and services used between operating systems mean there will always be exploitable flaws in enterprise systems.
"The bottom line is it doesn't matter if you're talking about an Apple product, a Windows product, a Linux product or any operating system," he said.
"If you've got a computing device with software on it, it's got vulnerabilities on it. Someone, somewhere will find them and exploit them. I don't care how good you think you are, it'll happen.
"Shellshock is a fine example of this. It's a flaw that can exploit every platform, be it Windows, Mac or even Android smart watches.
"Flaws like this may not always be remotely exploitable, but there will always be vulnerabilities with the potential for exploitation."
Shellshock is a flaw in the Bash code used by Unix and Unix-like systems that was uncovered in September.
The widespread use of Bash has led to concerns that it could be exploited to hack everything from desktop PCs to the SCADA systems powering critical infrastructure.
FireEye CEO David Dewalt mirrored Merkel's argument, revealing that the firm has already seen evidence of hackers creating new attack models capable of compromising machines regardless of ecosystem.
"When you look at the Apple and Microsoft stack, the first thing you realise is most of the tech is similar," he said.
"The types of platform for office productivity browsers are similar to that of Windows, so the tools and techniques are similar. The hackers are looking and asking 'can we compromise the browser?' or 'can we compromise the Adobe stack?'.
"The truth is the stacks are similar and the hackers are hitting it in the same way. The threat of malware between the two is exponential and we're seeing a similar attack model emerge."
Dewalt said that the increased focus on Apple, which refuses to discuss security matters before they are fixed and has traditionally been believed to be at lower risk than most operating systems, is due to the firm's recent success in the enterprise.
"Apple has proliferated into enterprise, to critical systems. Attackers go where the action and the money is. Today that's Apple," he explained.
Merkel said he expects to see further cross-platform vulnerabilities in the near future, warning that the firm has already seen an dramatic increase in cyber attack levels.
"Technology and the internet is a great thing for sharing and collaboration. But the risk entailed with it is something like Shellshock or Heartbleed. The amount of scrutiny around shared code is just beginning and interest is on the rise. This means we are going to find more stuff," he said.
"For every cyber attack headline you see there's 10 times, 50 times you don't hear about. We're talking significant attacks like IP theft. Destructive attacks."
The two FireEye chiefs' comments come just after the firm extended support for a number of its security services to Apple Mac OS X.
FireEye claims that the expansion makes it the first vendor to offer complete security tools for Microsoft, Apple and Google platforms to protect against APTs and zero-day targeted attacks.
Latest Tesla news: Tesla share price continues to fall after Saudi Arabia's sovereign wealth fund is linked to investment in rival
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
RTX 280 Ti will come with 11GB of fast GDDR6 video RAM with a 352-bit memory bus offering 616Gbps
The scale of jobs lost to automation will be at least as large as those in the first three industrial revolutions
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC