Apple Leads in Software (In)security

By  |  Thursday, July 22, 2010 at 4:57 pm

Secunia, a security service provider well known for tracking software defects, has ranked Apple as having the most reported vulnerabilities for its platforms during the first half of 2010. The majority of the flaws reside in OS X applications.

I’m not surprised. As malicious operating systems have become more hardened, exploiting vulnerabilities has required increasingly sophisticated attacks. End users are updating their systems, using antivirus programs–at least Windows users do–and have deployed firewalls. Hackers have to look for holes in applications.

Secunia reports that vulnerabilities were found in Apple applications such as iTunes, QuickTime, and Safari, and in the apps of third parties including Adobe and Oracle. Today, we reported that Safari has a vulnerability that could allow someone to delete your address book.

The bad news is that malicious hackers are no longer lone geeks out to cause mayhem or maybe profit; they are part of organized criminal organizations that are organized like corporations, and follow regular software release cycles. They are working for monetary gain, and it’s big money. Your credit cards and your data is valuable.

Last year, I called on Apple to help its partners write more secure applications through providing its best practices and tools. I repeat that call today. Microsoft has already done so by sharing its Security Development Lifecycle with developers and distributing the security tools that it uses internally free of cost.

This trend is clearly not just an Apple problem, but it’s a problem that Apple needs to been more aggressive about addressing. This is especially true as its platforms grow in popularly. It’s time for more cooperation.

 
13 Comments


Read more: , ,

13 Comments For This Post

  1. Tom B Says:

    Secunia has one huge vulnerability; the more people use Macs; the fewer people need security software.

  2. Agile Process Says:

    //Secunia, a security service provider well known for tracking software defects, has ranked Apple as having the most reported vulnerabilities for its platforms during the first half of 2010. //

    is it? its very new to me

  3. Will from Freeapple Says:

    Tom B that is a very good point. They are just trying to protect themselves.

  4. Mister Reiner Says:

    The important thing about vulnerabilities is understanding the compromise vector (how the system can be compromised) and the likelihood that the vulnerability can be exploited by a hacker (referred to a risk).

    If a system can be compromised through user action (i.e open an email, open a file or go to a Web site), then the risk is usually high, because users can be socially engineered to do almost anything. If the risk does not involve user action, then it becomes a matter of how accessible the system is over a network connection and if the system is listening on the specific protocol or port through which a compromise can be achieved.

    Go back through the list of vulnerabilities for each operating system over the past six months and ask yourself how likely it is that a system is going to be compromised. Then come back and let us know what you think.

    Cheers

  5. Max Says:

    They did not state that the apple OSX platform is the least secure, but that apples OS and applications had the most reported vulnerabilities of the software vendors listed.

    All large software projects have flaws, what the flaw allows malicious code to do and how quickly they are patched is what people should be paying attention to.

    To quote: “The above graph is not an indication of the individual vendors’ security, as it is not possible to compare the vendors based on number of vulnerabilities alone. To assess the “performance” of vendors in terms of vulnerabilities one should rather look at the changes in the type of vulnerabilities, code quality, handling of vulnerability reports, ability to update users, quality of patches, ability to communicate to end users, number of products, complexity of product portfolio, and other factors which cannot be read out of mere aggregate numbers.”

    Macs in general have a lot less issues with viruses/malware than windows boxes, that should not be misconstrued at them somehow being immune. It also doesn’t mean the user can somehow never have to contemplate the security implications of what they do while on a networked computer.

    At least blindly support/defend apple against what is actually being stated please.

  6. JDoors Says:

    (The knee-jerk "Microsoft sucks" responses are just pathetic.)

    I wonder if, as Windows becomes more secure (and it is), and Apple's market share rises (well, maybe not on the desktop, but in general), Apple's security flaws NEED to be brought out into the open.

    It was fairly safe to ignore those flaws, to be in denial that they even exist, but that attitude cannot last forever. Time to wake up.

  7. Argon Says:

    Hey! Well Steve Jobs told me that there aren't any problems with Macs so I guess there are none. Plus Mac Ads tought me that Windows is very unsecure, so I guess it is… Something is only good when nobody talks what is bad about it.

  8. Luke Says:

    Heh. Users are and always will be the biggest threat to a system's security. As Mac adoption grows the security issues that the ever popular Windows has suffered will also begin to affect Mac users. I'm certain "inexperienced" Mac users just as blindly "run as root" as quickly as any "inexperienced" Windows user.

  9. bims Says:

    .) This is the right blog for anyone who wants to find out about this topic. You realize so much its almost hard to argue with you (not that I actually would want…HaHa). You definitely put a new spin on a topic thats been written about for years. Great stuff, just great!

  10. Jsparco Says:

    Thanks for sharing! These have been fantastic leads for software.
    Orlando Golf Course

  11. Religion jeans Says:

    <ahref="http://www.toptruereligion.com/">Mens Ture Religion jeans outlets#Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I’ll be subscribing to your feed and I hope you post again soon

  12. jurgenliastr Says:

    Thanks for sharing. i really appreciate it that you shared with us such a informative post..
    Assignment, Essays, Coursework Writing, Admission Essay Writing

  13. Pret Immobilier Says:

    I found so many entertaining stuff in your blog, especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! Keep up the excellent work.