From: www.itworld.com

Apple OS X users feeling the exploit pinch

by Brent Huston

February 16, 2007 —

 

Many Apple users have long sat smug about the security of the OS X operating system. Pundits have expounded on its BSD roots, its imperviousness to spyware and malware, and overall lack of public exploits. Some have even lauded Apple's superior responsiveness when threats arose, and its commitment to information security.

Unfortunately, a lot has changed.

The "Month of Apple Bugs" project has shattered much of the illusions around OS X's security. According to the website, its initiative aims to serve as an effort to improve Mac OS X, uncovering and finding security flaws in different Apple software and third-party applications designed for this operating system. As of this writing, the project has released 31 public vulnerabilities for OS X and its supporting applications. Of the 31 vulnerabilities, 30 have either proof-of-concept exploits or none are needed to cause damage. Many of the disclosed bugs are serious issues and can be used to remotely compromise the system.

Apple is working on fixes, but patches have come slower than expected. Observers have stopped spreading the image of Apple as a security-focused messiah, and grown used to the idea that for Apple (like every other company that manufactures an operating system), tracking and mitigating security issues is a long, difficult and resource-intensive process.

Hopefully, OS X users will begin to acknowledge the risks, and embrace their need for anti-virus, OS hardening and ongoing patching. One thing is for certain. Information security-savvy users and organizations will need to focus attention on OS X users. Apple will also likely improve their security testing and programming development processes to help stop future holes.

I am paying more attention. I own a PowerBook, running OS X, and I have tightened up my system's firewall, implemented more monitoring, deployed more detection tools to know when I am being targeted and even ratcheted down the time between checks for patches -- which I, like everyone else, am anxiously awaiting. I will still use OS X every day. It is still my operating system of choice, for the same reasons as before - flexibility, power and usefulness plus incredible ease-of-use. That said, I will remain vigilant and take the necessary steps to protect my Mac and all of the other computer systems I depend on. Let's hope that everyone else does the same.


MicroSolved, Inc.