Apple Blazing a Trail in Software (In)security
Secunia, a security service provider well known for tracking software defects, has ranked Apple as having the most reported vulnerabilities for its platforms during the first half of 2010. The majority of the flaws reside in OS X applications.
I’m not surprised. As operating systems have become more hardened, exploiting vulnerabilities has required increasingly sophisticated attacks. End users are updating their systems, using antivirus programs (at least Windows users do), and have deployed firewalls. Hackers have to look for holes in applications.
Secunia reports that vulnerabilities were found in Apple applications such as iTunes, QuickTime, and Safari, and in the apps of third parties including Adobe and Oracle. Today, we reported that Safari has a vulnerability that could allow someone to delete your address book.
The bad news is that malicious hackers are no longer lone geeks out to cause mayhem or maybe profit; they are part of organized criminal groups that are run like corporations and follow regular software release cycles. They are working for monetary gain, and it’s big money. Your credit cards and your data are valuable.
Last year, I called on Apple to help its partners write more secure applications by providing its best practices and tools. I repeat that call today. Microsoft has already done so by sharing its Security Development Lifecycle with developers and distributing the security tools that it uses internally free of cost.
This trend is clearly not just an Apple problem, but it’s a problem that Apple needs to be more aggressive about addressing. This is especially true as its platforms grow in popularity. It’s time for more cooperation.