Avira, the antivirus software company, recently reported that serious Mac security flaws were found out by a former NSA employee, Patric Wardle. As per this report, Patric brings to notice that Apple’s Gatekeeper code-verifying the technology for OS X can be tampered with.
How serious are the Mac security flaws?
Apple generally makes Mac security as a part of its iOS development process. However, during the development of OS X, Apple has considered a different approach towards the security. Many consider that Mac security is more of an ‘afterthought’ for OS X. Apple has been suggested of the ‘Bug bounty’ programs, which will help track several unnoticeable security flaws in Mac. However, until Apple chalks out a different approach towards Mac security, the OS X will remain vulnerable to hackers and malware authors.
Avira mentions in its blog about the warning given by Patric Wardle at the recent RSA Conference in San Francisco.
“Wardle gave a presentation titled “Writing Bad@ss OS X Malware,” in which he challenges Apple’s OS X developers to change their way of thinking – especially considering that the majority of the malware getting into Macs (now measuring hundreds of thousands) is “amateur, even basic,” according to Wardle.”
Avira also mentions some of the serious Mac security flaws in the blog,
“More advanced Mac attacks, such as the ‘Rootpipe’ back door, have been difficult for Apple to patch, and failed ‘fixes’ have been covered by thehackernews.com, computerworld.com, securityweek.com, forbes.com, and others in the first half of 2015.”
The report, published by a leading independent computer security testing firm that recently tested 10 different Mac OS X security software packages, mentions,
“The legend that Mac OS X is supposedly invincible is not borne out by the facts. In the aftermath of major attacks by Flashback, the police Trojan Browlock or Shellshock, the number of assaults on Mac OS X continues to increase.”
Thus, several reports from various sources point out at one thing, and that is Mac security flaws in the development of OS X. It will interesting to see how Apple responds to these raised flags. Read more about this on the Avira blog.
I think Apple gave Mac users a sense of false security for years that they were invincible when they really were not, Macs have been vulnerable far long before these discoveries had been made and until now that there market share has grown it is now being brought into the light. Not that I am being arrogant but I am sure glad to see it because I have been saying it for years, now we don’t have to hear from all the Mac fan boys about our Windows systems anymore, your systems have just as much maybe more and just as serious security flaws as any Windows system on the market.
True. Apple trust the foolishness of their customers. So much so that they had run an ad that “Macs don’t get PC (Windows) viruses”.
Any sane person would know if a Windows program does not run on Mac, nor will a Windows malware. Someone must have warned them against false advertisement, so they silently dropped the claim from their website.
It had almost become a routine for iOS & OSX to be butchered first by Charlie Miller at ConSecWest Hacking completions.
You and Mr. Gupta are very correct. And these days “false sense” even applies to Linux distros, where a distro or user installs apps which allow Linux to r/w re Windows files…even if Linux is unaffected by and “blind” to any code for Windows, it can transmit stuxnet or anything else to removable media and infect Windows when connected there; as more distros/users avail of such apps, one wonders how much longer it will take the Linux attack vector to increase as hackers attempt the reverse with malware unseen in Windows/Mac but transferred to Linux…which currently offers little in way of AV, on proposition Linux is “very malware-resistant”. Important to consider as even Google operates on 1,000 Linux servers, and users include “Amazon” and various national/local governments (proprietary SUSE platform notwithstanding).
To all those Mac users that laughed at me in all the forums years ago …….. well, the joke is on you. How does it feel to buy an over priced malware magnet?