Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Mac Trojan Fallout: Apple Security Glory Days Gone?
Newest First  |  Oldest First  |  Threaded View
ANON1237925156805
ANON1237925156805,
 User Rank: Apprentice
4/23/2012 | 5:36:33 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
I take slight issue with this article. There's no question that the "bang for the buck" has some validity. It doesn't follow that one serious malware attack proves that the Mac environment was never all it was cracked up to be.

Macs are far from invulnerable and I've never seen an Apple ad that said they were. Still there are legitimate technical reasons why Macs have been deemed more robust, especially compared to older versions of Windows. These relate to the inherently secure nature of the Unix kernel. It's hard for malware to penetrate and hard for it to remain in place undetected. All of Unix's children inherit these qualities including OS X, iOS, Linux and Android.

IW has written several articles about this in the past and there are plenty of objective descriptions on the web as well. Bill Gates certainly acknowledged this when he chose to spend his last days at Microsoft heading the effort to harden Windows/Office. (No question that Microsoft has greatly improved in this area.)

The challenge today is in our n-tiered client server world, there many layers through which malware can attack and do harm and many places for it to lodge. Even if a bad actor can't take up permanent residence in the kernel, it can do a lot of damage before it's detected. Think of how much a burglar could remove from your home in 10 minutes were you to leave the door open while running a quick errand.

That's why anyone with common sense treats all PCs and mobile devices as being at risk, whether they be Windows, Mac or Linux. We all know the steps to take, ranging from anti-virus to WEP 2 Wi-FI to hardware/software firewalls, to absolutely never ever install upgrades from pop-ups of unknown origin. Dare I say that this is especially true for Adobe software?

Microsoft, Apple and Google must take the lead in educating users about risks and solutions. So far that hasn't happened to the extent that it should, perhaps because no vendor wants to publicly admit that its products have weaknesses. So in the meantime, users have a responsibility to learn what to do and to implement it.

In terms of Apple's post-attack behavior, it's WAY too soon to say that they failed a critical test. The problem is that their defensiveness in the past makes us not give them the benefit of the doubt. Apple will have to earn our trust by being more forthcoming and responsive when problems occur and evolving proactively as threats morph over time.

Sad as Mr. Job's departure is, Apple without him is starting to show signs of change in this area. May it continue so that they retain their deserved reputation for quality and security.
Tronman
Tronman,
 User Rank: Apprentice
4/20/2012 | 5:16:45 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
Another mac user in denial.
YMOM100
YMOM100,
 User Rank: Apprentice
4/20/2012 | 11:16:22 AM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
Why "gone"? Apple never had security glory days, they just were lucky that their desinterest and tardiness in regards to security did not get punished sooner.
Mathew
Mathew,
 User Rank: Apprentice
4/20/2012 | 9:55:09 AM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
@Puggsly and others, you're correct -- 600k isn't 3% of Mac users; didn't mean to imply that it was (article wasn't clear). Initial stats from some security firms had estimated that 2% to 3% of all active Macs were infected, but later stats settled on the 1% to 2% figure.
Likewise, you're correct that the Java-vulnerability-exploiting Flashback didn't make its appearance in February, but also it wasn't April; it was the end of March.
Other dates: The bug exploited by attackers was patched by Oracle in its Feb. 17th Java update for Windows. Apple then released an update patching the Java bug in OS X on April 3.
We'll update the story to correct the stats.

Thanks,
Mathew
ANON1237837896902
ANON1237837896902,
 User Rank: Apprentice
4/19/2012 | 11:06:47 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
The discussion is still relevant as it concerns people's choices about what computer platform to purchase. This has been a deciding factor for many people so one of the questions posed is should people still purchase Mac's to be safe and yes this is debatable, but it is no pointless.

What is important is that facts are used in these discussions. Facts like 600k systems represents about 1% of active Mac's. Facts like the first known occurrence of the Java exploit was at the beginning of this month, not early February.

Apple was a couple days late delivering the patch but followed it up with removal code and a hardening of the way the Java plugin is treated. Apple shut down Command and control servers with in days and infection rates are thought to be less than 100k today.

Your concern with the assertion that things are "worse" on windows is no more grounded in fact than the authors. Statements that Microsoft has "proven ability" or "effective distribution" sound hollow when the last major windows attack held on to over 5-9 Million systems for the better part of a year. There was no automated patch that removed conficker or any other virus or trojan I know of by Microsoft. The core OS has no built in quarantine system that I know of. Now I know that Microsoft distributes a free tool, but you have to choose to load it. That tool may be much more robust than Apple's current system, but that is because it has to be. Apple has shown a willingness to deliver exactly what it needs to, to keep ahead of the malware writers.

I would argue that they continue to succeed in making the Mac an unattractive target and thus make Mac users safer, if not down right safe. If we continue to see large scale successful attacks against mac users, I will be proven wrong. But I'm betting that we will continue to hear about 1 or 2 of these every year and Apple will squash them like the bugs they are, and Mac and iOS users will continue to pay little to no attention to concerns of viruses.
jbelkin
jbelkin,
 User Rank: Apprentice
4/19/2012 | 8:48:55 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
So far, it seems more people swear they've been abducted by aliens than people who actually have this Mac malware ... Well, unless you believe everything on a Russian website s real and Symantec who of course has no ulterior motive to convince u there's malware ... Has anyone on earth outside of labs admit they found this on their machine? Anyone? Anyone? It seems more people emit to see Bigfoot r the loch ness monster ...
jgeiss4p
jgeiss4p,
 User Rank: Apprentice
4/19/2012 | 7:51:53 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
There are a large number of anti-Apple people gloating over this. Yes, Apple could have (and, likely, should have) released this patch faster. However, it is important to note that the number of infected systems has reportedly dropped in the last few days from 600,000 to 140,000. That is a very substantial drop, especially considering that most Mac users have had no previous experience in dealing with such an attack.
In addition, the 600,000 infected machines is a very small number of users (alas, they are those clients who were 'stupid' enough to trust an unsolicited pop-up window instructing them to 'upgrade' their flash! Come on, people!). I have three MacOS X machines at home, and NONE of them were infected (and that's with my children using two of them, clicking on EVERYTHING that they can find!)
Apple has a long way to go before they get to the point where they have to deal with the problems that the Windows systems have been taking for granted for the last decade.
RSL
RSL,
 User Rank: Apprentice
4/19/2012 | 3:55:14 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
My point is that there was no need to even mention Windows in this article. None of this constant comparing is necessary GÇô this is a genuine issue with Apple/Macs, period. This article should simply address what is going on relative to the topic. Percentages and numbers can be argued, interpreted, and skewed to the point that they are totally inaccurate.
veggiedude
veggiedude,
 User Rank: Apprentice
4/19/2012 | 3:36:29 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
What is wrong with the article is saying 600,000 infected Macs constitutes 3% of Mac users, when it is actually 1%.

And yes, that is far less than the normal exposure rate that infects Windows.
RSL
RSL,
 User Rank: Apprentice
4/19/2012 | 3:13:33 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
I am becoming very disillusioned with Information Week and the integrity of its articles. What relevance is there in an article about security issues with Macs, does the text "windows security still looks worse" have to appear right after the headline? Besides irrelevance, the author obviously misuses, the word "worse". There have been issues with the speed and results with regard to the response to this threat on Apple's part. Microsoft has a proven ability, experience, and an effective distribution mechanism to handle updates to their OSes. Worse? Of course Windows has a much greater field to attack, but that is not "worse". Users who do not patch their machines will exist across all platforms, not just Windows - again, "worse"? Furthermore, the article itself, does not elaborate on how and why Windows is purportedly "worse"...

On the flipside, an up to date Windows machine is "better".

As a professional, I would appreciate newsworthy articles that span the full scope of the issue at hand versus constant sensationalism style headlines and content.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1142
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
CVE-2023-1143
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-1144
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
CVE-2023-1145
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
CVE-2023-1655
PUBLISHED: 2023-03-27
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.