Apple Security Threats Exaggerated, Report Reveals

Apple's desktop computers experience little malware, a review of 2009 has found, but this is partly because attacks are starting to move to the company's other platforms such as the iPhone.

According to A Year in Mac Security from software security outfit Intego, threats to Apple devices ratcheted up a gear in terms of seriousness, with a clutch of software vulnerabilities, website exploits and, as ever, sophisticated Trojans.

These included OSX.Trojan.iServices, which hid inside pirated copies of Apple's iWork suite and Adobe's Photoshop CS4 as a way of opening a back door into Macs, and continued with the return of an older piece of malware, RSPlug, which cropped up in variants throughout the year.

Later in the year, Mac users had to contend with the file-deleting OSX.Loosemaque 'virus' after a warning by Symantec, but which turned out to be spoof game designed to raise moral questions about the de-sensitising nature of computer games.

Intego goes on to document a number of vulnerabilities in OS X and May's massive 400MB update to patch 47 security issues to underline that the complacency of old about Apple security being good is sometimes misplaced.

Windows users will read the report with incredulity. An equivalent 2009 report for the world's dominant computer platform would run to hundreds if not thousands of pages - Intego's reaches seven including a one-page index of sources. Most of what passes for threats in the world of OS X would be laughed at by PC security researchers.

Intego has two defences. First, Mac users often explore the web with a naive sense of invulnerability and rarely seem to invest in security software from Mac-oriented security companies such as Intego itself. This makes them vulnerable even if the volume of threats is far lower than with better-defended PCs.

Second, the low number of security threats is mainly to do with it being a huge brand with a small global user base not worth criminals wasting their time on rather than any inherent superiority of design. Importantly, this might not always apply to Apple's other spin-off platforms such as the iPhone and whatever tablet computer Apple comes up with on 27 January, both of which could end up with large user bases.

During the year, iPhone OS 3.0 featured more than 40 patches, had its GPS hacked to betray a user's location, while anyone cracking open their iPhone in 'jailbroken' form removed around 80 percent of the platform's security at a stroke. The iPhone now has a small but significant user base of opened phones, which explains the success of pranks such as the one that allowed a hacker to install Rick Astley wallpaper on them.

"Users should think carefully if they want to take the risk of removing Apple's protection on their iPhones before jailbreaking them," the report concludes.

The problem for Apple is that it is trying to reconcile a closed software model with the increasing popularity of its post-iPhone devices. This adds up to the likelihood that software cracking will attract a growing following in the years ahead. OS X users may be relatively safe, but whether all of Apple's newer users are remains to be seen.

recommended for you

Top 20 Tech Underdogs

Read more »

Subscribe to the Security Watch Newsletter

Comments