Security firm Intego has added to the bevy of year-in-review pieces for 2009 with a comprehensive report on Mac and iPhone security of the past year. While this may seem more than a little self-serving for the authors of VirusBarrier, the report is fair, comprehensive and hyperbole-free.
When it comes to Mac malware, there are only known two Trojan horses in the wild, which were respectively found via
OS X itself fared pretty well when it came to operating system level exploits, with the report outright stating that "Mac OS X, while more secure than Windows, contains its share of flaws, and Apple has to constantly keep on its toes to issue several dozen security updates each year."
For most security holes, Apple issued a patch within a month of the vulnerability being brought to public attention, with the one exception being OS X's Java runtime. A security researcher brought up how one Java vulnerability remained un-patched for more than six months, but Apple released a patch only a month after his concerns were made public. One kernel-level vulnerability in April allowed hackers to potentially break into OS X without a user's consent, but that was patched in May.
For jailbreakers, though, it was another story entirely.
The biggest target on the iPhone was the ssh remote login protocol, which allowed hackers and worms to get into the iPhone by correctly guessing the default password--a password which was not changed by most jailbreaking software. The first worm to exploit this ssh flaw actually "fixed" it by turning off ssh, but subsequently both a worm and hacking tool were each able to successfully download and upload software as well as other information to and from users' iPhones without their consent, paving the way for phishing attacks and the creation of a botnet.
Intego's report only goes to prove Macworld contributor
This story, "Intego Releases Report on Mac, IPhone Security for 2009" was originally published by Macworld.