Perimeter
Guest Blog // Selected Security Content Provided By Sophos
What's This?
2/27/2014
10:19 AM
Maxim Weinstein
Maxim Weinstein
Security Insights
Connect Directly
RSS
E-Mail
100%
0%
Repost This

Preying On A Predator

Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals.

If Windows XP is the dinosaur in the room, then OS X Snow Leopard — despite being named after a predator — is more like a sitting duck. The four and a half year old operating system lives on 20% of the world's Macs, yet it no longer receives security updates from Cupertino. How long will it be before criminals sniff out this target and start directing their attention to over-confident Mac users?

The overconfidence stems from the popular belief that Macs aren't vulnerable to security threats. Yet, while Mac has been targeted far less than Windows, threats do exist, and attackers have been getting increasingly aggressive in going after OS X. Apple has responded with some updates and security features designed to reduce the attack surface, and some patches for serious vulnerabilities, but of course these only apply to supported versions of OS X. Snow Leopard, for example, did not receive the recent patch for the now widely-known "gotofail" bug. As additional vulnerabilities are discovered and more developer signing certificates are stolen, Snow Leopard will become more and more susceptible to malicious activity.

For IT professionals, especially those in schools and other organizations with very limited IT budgets, this is cause for concern. In the short term, what do you do with older Macs running Snow Leopard? Upgrade, replace, or install AV software and hope for the best? (Hint: Even working for a vendor of Mac AV software, I don't recommend the latter. You want a patched system plus antivirus, not one or the other.) In the longer term, is it worth investing in computers without confidence that they'll receive security updates through their entire life cycle?

This also creates a dilemma for Tim Cook and company. To date, Apple has responded reactively to security incidents, even while positioning its products as the more secure choice. If 20% of Mac users start experiencing security incidents, the shine will come off the Apple pretty quickly. On the other hand, continuing to maintain several OS releases is expensive and distracting for a software company. Plus, too much focus on reactively patching old systems will send a clear message that security really is a problem for Macs, and that's something the company doesn't want. The best option may be to create incentives and marketing campaigns designed to drive Snow Leopard users to upgrade to a more recent OS version. Unlike Microsoft, though, Apple would be wise to avoid using security as the selling point for the upgrade if it wants to maintain its image of being a safer OS.

Maxim Weinstein, CISSP, is a technologist and educator with a passion for information security. He works in product marketing at Sophos, where he specializes in server protection solutions. He is also a board member and former executive director of StopBadware. Maxim lives ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web