Perimeter

Guest Blog // Selected Security Content Provided By Sophos
What's This?
2/27/2014
10:19 AM
Maxim Weinstein
Maxim Weinstein
Security Insights
100%
0%

Preying On A Predator

Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals.

If Windows XP is the dinosaur in the room, then OS X Snow Leopard — despite being named after a predator — is more like a sitting duck. The four and a half year old operating system lives on 20% of the world's Macs, yet it no longer receives security updates from Cupertino. How long will it be before criminals sniff out this target and start directing their attention to over-confident Mac users?

The overconfidence stems from the popular belief that Macs aren't vulnerable to security threats. Yet, while Mac has been targeted far less than Windows, threats do exist, and attackers have been getting increasingly aggressive in going after OS X. Apple has responded with some updates and security features designed to reduce the attack surface, and some patches for serious vulnerabilities, but of course these only apply to supported versions of OS X. Snow Leopard, for example, did not receive the recent patch for the now widely-known "gotofail" bug. As additional vulnerabilities are discovered and more developer signing certificates are stolen, Snow Leopard will become more and more susceptible to malicious activity.

For IT professionals, especially those in schools and other organizations with very limited IT budgets, this is cause for concern. In the short term, what do you do with older Macs running Snow Leopard? Upgrade, replace, or install AV software and hope for the best? (Hint: Even working for a vendor of Mac AV software, I don't recommend the latter. You want a patched system plus antivirus, not one or the other.) In the longer term, is it worth investing in computers without confidence that they'll receive security updates through their entire life cycle?

This also creates a dilemma for Tim Cook and company. To date, Apple has responded reactively to security incidents, even while positioning its products as the more secure choice. If 20% of Mac users start experiencing security incidents, the shine will come off the Apple pretty quickly. On the other hand, continuing to maintain several OS releases is expensive and distracting for a software company. Plus, too much focus on reactively patching old systems will send a clear message that security really is a problem for Macs, and that's something the company doesn't want. The best option may be to create incentives and marketing campaigns designed to drive Snow Leopard users to upgrade to a more recent OS version. Unlike Microsoft, though, Apple would be wise to avoid using security as the selling point for the upgrade if it wants to maintain its image of being a safer OS.

Maxim Weinstein, CISSP, is a technologist and educator with a passion for information security. He works in product marketing at Sophos, where he specializes in server protection solutions. He is also a board member and former executive director of StopBadware. Maxim lives ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Ciderblush
50%
50%
Ciderblush,
User Rank: Apprentice
4/25/2014 | 9:29:48 AM
Re: the prey has mechanisms
Rate it, i dont care. Arent we talking about a computer not an opinion.
Ciderblush
50%
50%
Ciderblush,
User Rank: Apprentice
4/25/2014 | 9:24:20 AM
the prey has mechanisms
Unix is also an outdated dinosaur yet has a community of supporters outside of the organisation that are willing to work for no money to ensure that operating system is constantly able to receive updates and security data kr patches as you call them. It is not hard to maintain a system but it is difficult to learn a system that you have never known. Enjoy your criticisms. :)
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff 2/21/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-10078
PUBLISHED: 2019-02-23
Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.
CVE-2014-10079
PUBLISHED: 2019-02-23
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.
CVE-2018-20785
PUBLISHED: 2019-02-23
Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, this d...
CVE-2019-9037
PUBLISHED: 2019-02-23
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c.
CVE-2019-9038
PUBLISHED: 2019-02-23
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c.