Perimeter
Guest Blog // Selected Security Content Provided By Sophos
What's This?
2/27/2014
10:19 AM
Maxim Weinstein
Maxim Weinstein
Security Insights
Connect Directly
RSS
E-Mail
100%
0%
Repost This

Preying On A Predator

Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals.

If Windows XP is the dinosaur in the room, then OS X Snow Leopard — despite being named after a predator — is more like a sitting duck. The four and a half year old operating system lives on 20% of the world's Macs, yet it no longer receives security updates from Cupertino. How long will it be before criminals sniff out this target and start directing their attention to over-confident Mac users?

The overconfidence stems from the popular belief that Macs aren't vulnerable to security threats. Yet, while Mac has been targeted far less than Windows, threats do exist, and attackers have been getting increasingly aggressive in going after OS X. Apple has responded with some updates and security features designed to reduce the attack surface, and some patches for serious vulnerabilities, but of course these only apply to supported versions of OS X. Snow Leopard, for example, did not receive the recent patch for the now widely-known "gotofail" bug. As additional vulnerabilities are discovered and more developer signing certificates are stolen, Snow Leopard will become more and more susceptible to malicious activity.

For IT professionals, especially those in schools and other organizations with very limited IT budgets, this is cause for concern. In the short term, what do you do with older Macs running Snow Leopard? Upgrade, replace, or install AV software and hope for the best? (Hint: Even working for a vendor of Mac AV software, I don't recommend the latter. You want a patched system plus antivirus, not one or the other.) In the longer term, is it worth investing in computers without confidence that they'll receive security updates through their entire life cycle?

This also creates a dilemma for Tim Cook and company. To date, Apple has responded reactively to security incidents, even while positioning its products as the more secure choice. If 20% of Mac users start experiencing security incidents, the shine will come off the Apple pretty quickly. On the other hand, continuing to maintain several OS releases is expensive and distracting for a software company. Plus, too much focus on reactively patching old systems will send a clear message that security really is a problem for Macs, and that's something the company doesn't want. The best option may be to create incentives and marketing campaigns designed to drive Snow Leopard users to upgrade to a more recent OS version. Unlike Microsoft, though, Apple would be wise to avoid using security as the selling point for the upgrade if it wants to maintain its image of being a safer OS.

Maxim Weinstein, CISSP, is a technologist and educator with a passion for information security. He works in product marketing at Sophos, where he specializes in server protection solutions. He is also a board member and former executive director of StopBadware. Maxim lives ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web