Schwartz On Security: Slouching Toward Smartphone, Apple Armageddon

Every new year brings fresh warnings that the next smartphone botnet or Apple "I Love You" virus is imminent, while real attacks keep escalating.
Ditto for Apple OS X attacks. Industry watchers -- and security vendors -- have been predicting the imminent demise of Mac's "security by obscurity" status. But as with smartphones, Apple Armageddon isn't imminent.

Case in point: In November 2010, Sophos reported that by far the largest amount of malware trawled by its free Mac antivirus software was Windows sludge. While Sophos saw a few Mac-oriented exploits, and some cross-platform attacks written in Java, it found no clear and present danger.

At some future point, smartphones and Apple OS X will likely "feel the love" from attackers. But organizations face more immediate risks. For example, despite last year's focus on Adobe patching its products against zero-day attacks, Landesman says companies were much more likely to be exploited by Java than a malicious PDF.

"In 2010, Java exploits were three-and-a-half times more prevalent than malicious PDFs, and the reason for that was simple: Everyone was focused on PDFs and taking precautions, whether that meant keeping security up to date, or Adobe issuing more security updates," Landesman says. "But users weren't focused at all on Java, which is more ubiquitous than Adobe Reader and Acrobat, and apparently this was not being patched or policed as well, and consequently it was the threat frontrunner for the year." As always, criminals prefer the easiest path to an exploit.

So, with the security of every mobile device operating system receiving intense scrutiny, and Mac watchers waiting for the day an Apple Rustock arrives, it's important to keep an eye on today's top threats, including Java.

Of course, Java also runs on mobile devices. Accordingly, will we see a large-scale Java smartphone attack? Wait for the 2012 predictions.


Schwartz On Security: First, Know You've Been Breached

Schwartz On Security: Don't Get Hacked For the Holidays

Schwartz On Security: WikiLeaks Highlights Cost Of Security

Schwartz On Security: China's Internet Hijacking Misread

Schwartz On Security: Click 'Dislike' For Facebook Safety

Schwartz On Security: Reaching The M&A Tipping Point

Schwartz On Security: Remove Dangerous Sites From Internet

Schwartz On Security: Zombie Internet 'Kill Switch'

Schwartz On Security: Can Apple Minimalism Stop Botnets?