Case in point: In November 2010, Sophos reported that by far the largest amount of malware trawled by its free Mac antivirus software was Windows sludge. While Sophos saw a few Mac-oriented exploits, and some cross-platform attacks written in Java, it found no clear and present danger.
At some future point, smartphones and Apple OS X will likely "feel the love" from attackers. But organizations face more immediate risks. For example, despite last year's focus on Adobe patching its products against zero-day attacks, Landesman says companies were much more likely to be exploited by Java than a malicious PDF.
"In 2010, Java exploits were three-and-a-half times more prevalent than malicious PDFs, and the reason for that was simple: Everyone was focused on PDFs and taking precautions, whether that meant keeping security up to date, or Adobe issuing more security updates," Landesman says. "But users weren't focused at all on Java, which is more ubiquitous than Adobe Reader and Acrobat, and apparently this was not being patched or policed as well, and consequently it was the threat frontrunner for the year." As always, criminals prefer the easiest path to an exploit.
So, with the security of every mobile device operating system receiving intense scrutiny, and Mac watchers waiting for the day an Apple Rustock arrives, it's important to keep an eye on today's top threats, including Java.
Of course, Java also runs on mobile devices. Accordingly, will we see a large-scale Java smartphone attack? Wait for the 2012 predictions.
SEE ALSO:
Schwartz On Security: First, Know You've Been Breached
Schwartz On Security: Don't Get Hacked For the Holidays
Schwartz On Security: WikiLeaks Highlights Cost Of Security
Schwartz On Security: China's Internet Hijacking Misread
Schwartz On Security: Click 'Dislike' For Facebook Safety
Schwartz On Security: Reaching The M&A Tipping Point
Schwartz On Security: Remove Dangerous Sites From Internet
Schwartz On Security: Zombie Internet 'Kill Switch'
Schwartz On Security: Can Apple Minimalism Stop Botnets?