Hackers play attack a Mac

Even Apple's shiny new OS X 10.5 Leopard doesn't escape criticism from F-Secure

As far as security goes, Apple has had it easy. How Steve Jobs has laughed at Windows' ongoing security woes - not least during those annoying 'Get a Mac' ads.

But popularity breeds contempt, so the saying goes. And with Apple's OS X-sporting hardware experiencing growth from the iPod halo effect, there's never been a more appealing time for a hacker to attack a Mac.

Several threats on OS X

In its bi-yearly security report, security vendor F-Secure warns of several threats on OS X, as well as potential attacks on the iPhone. Apple's market share is now significant enough for malware gangs to think they can make some money out of it, says the security vendor.

Money has become the big motivator for malware ne'er-do wells. And they were even given a place to start. After Safari became available for the PC, F-Secure says it was able to find exploitable flaws across both versions of the browser.

As far as the latest iteration of Mac OS - X 10.5 Leopard - goes, F-Secure notes in its report that there "have already been numerous updates made available".

Indeed, it goes so far as to suggest that old security flaws may have been introduced with the latest release of the OS. "Leopard's new Firewall received criticism for its implementation and may affect Apple's aura of perfect security." Last month a flaw was discovered in Leopard's Time Machine backup software.

iPhone also at risk

And, with OS X also available on the iPhone, the security vendor is warning of potential security issues with the device. "If you understand Unix security, then you can relatively easily 'port' your knowledge and understanding to the iPhone," it warns.

"With the portability of understanding and the known Safari flaws mentioned, coupled with the excellent hardware design, focus greatly intensified on the iPhone. Including the fact that the iPhone is a 'locked' device and you have a perfect combination of factors leading to iPhone exploit research.

"Not only does this vulnerability make it significantly easier for a phisher to dupe an Apple iPhone user, but it also has the potential to wreak financial havoc on mobile service providers faced with a sudden influx of fraud claims," Brian Chess, chief scientist at Fortify, wrote on his blog.

As for specific examples of attacks on Mac OS, F-Secure cites DNS Changers as being of particular concern. "We're seeing a growing number of Mac DNSChanger variants. The previous lack of Mac OSX malware could be a distinct disadvantage for its users."

The exploit uses a so-called "video codec" which, like other software, needs the Mac owner to input their admin password to execute. F-Secure says this could be a big problem, since Mac users are used to typing in their password - and they simply aren't used to the experience of malware.

F-Secure also warned of potential risks to third party apps such as iTunes and QuickTime running in Windows since the OS itself has "hardened" against attack. We reported back in May how Apple had fixed a cross-platform flaw in QuickTime.

Contributor

Dan (Twitter, Google+) is TechRadar's Former Deputy Editor and is now in charge at our sister site T3.com. Covering all things computing, internet and mobile he's a seasoned regular at major tech shows such as CES, IFA and Mobile World Congress. Dan has also been a tech expert for many outlets including BBC Radio 4, 5Live and the World Service, The Sun and ITV News.