Is it a Big Mac attack? Two new malware threats and a major security hole have plagued the supposedly secure OS in the past month, which should give Mac advocates pause — or at least send them scurrying to buy antivirus software.
Details
In the past few weeks, Apple's Mac OS X has taken some very serious security hits, leading some of us professionally paranoid security types to wonder whether we're finally seeing the long-expected surge of attacks on Apple systems. I never bought into the theory that Apple's software is immune to malware or significant vulnerabilities; I've always figured that vandals attack the most obvious target, which is why Microsoft vulnerabilities are so often in the security headlines.
Apple's Mac OS X simply hasn't been popular enough to tempt cybervandals while Microsoft offered such a gigantic, and vulnerable, target. But, as users of Mozilla's Firefox have found, a niche product that gains market share also gains the attention of those who want to show off or simply cause mischief.
And February turned out to be a very interesting month for these people: two worms targeting Mac OS X and a serious flaw in Mac OS X itself made headlines.
The first worm, dubbed Leap-A, spreads via Apple's iChat instant-messaging client and appears to affect only Mac OS X 10.4 systems. It has been seen in the wild, but initial infection rates appear to be very small.
According to Symantec's report, the worm arrives as an iChat file transfer named latestpics.tgz, which Symantec lists at an apparent size of 2314.7 MB. If the attack succeeds, the worm installs its components, deletes some files on the infected system and, unless the machine is Intel-based, attempts to spread to the user's iChat contacts. Symantec says Intel-based systems can still be damaged by the worm but will not propagate it.
The second threat is only a proof-of-concept worm, listed as Inqtana.A by almost all antivirus vendors. It spreads over Bluetooth by exploiting a directory traversal (input validation) flaw in the OS X Bluetooth file-exchange service, a hole Apple had already patched in May 2005, so fully updated systems are not exposed to it. Because it carries no active payload, Inqtana.A is, as its author has made clear, more a warning shot across the bow of Mac OS X users than a credible threat.
As if two worms weren't enough for February, a vulnerability in OS X itself has also surfaced. This is probably the more serious blow to those who tout Apple's security superiority over Microsoft, because the new remote code execution flaw is very reminiscent of all those Web site-based attacks that plague the Microsoft Windows and Internet Explorer world.
According to Symantec's report, this high-risk OS X archive metadata command execution vulnerability, disclosed on February 21, affects users of Safari and Mail. The trick is that an archive can carry a shell script whose file metadata binds it to Terminal while its name and icon make it look like an image; Safari's option to open "safe" files after downloading then runs the script without asking. Mac OS X 10.4.5 and Mac OS X Server 10.4.5 are confirmed vulnerable, and earlier releases may also be affected.
Apple is reportedly working on a patch. Keep an eye on Apple Security Updates for more information on upcoming patches.
The SANS Internet Storm Centre initially warned that this vulnerability could pose a serious threat. It later updated that warning to say the vulnerability is a lot more dangerous than first thought, because merely shutting down Safari won't stop the attack. (See the initial Heise Online report for details of how Mail sometimes executes compressed files and metadata-carrying scripts without asking.)
As with the many similar Microsoft attacks, Mac users don't have to visit a malicious Web site to be exposed; merely opening an email attachment is enough to trigger the attack. The latest reports say this holds even if Firefox is used to download the ZIP file. Mozilla's Thunderbird email client does offer some protection, because it doesn't automatically execute the downloaded file, but that doesn't guard against user carelessness, such as opening attachments from strangers.
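The attack pattern above, a script wearing an image extension plus Finder metadata that tells the system to open it in Terminal, can be checked for before an archive is opened. The following is an added example written for this page, not code from the article, Apple, Symantec or Heise. It assumes the archive is a ZIP, that Finder-style metadata travels as an AppleDouble companion under `__MACOSX/._name` (the layout Finder's own "Create Archive" uses), and that a file whose extension looks harmless but whose first bytes are `#!` or a Mach-O magic is worth flagging. The sample archive it scans is constructed inline; the "script" inside it only echoes a line.

```python
"""Heuristic scan of a ZIP for scripts disguised as safe-looking files.

Added example (not from the article or any vendor). Assumptions:
  * AppleDouble companions live at __MACOSX/<dir>/._<name>
  * AppleDouble entry ID 2 = resource fork, 9 = Finder info (per the
    AppleDouble v2 header layout); either is where an "open with" binding
    could ride along with an otherwise innocent-looking file
"""
import io
import posixpath
import struct
import zipfile

SAFE_LOOKING = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".pdf", ".mov", ".mp3"}
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",   # 32-bit, either byte order
                b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",   # 64-bit
                b"\xca\xfe\xba\xbe"}                        # fat/universal binary
APPLEDOUBLE_MAGIC = 0x00051607
APPLEDOUBLE_VERSION = 0x00020000
AD_ENTRY_NAMES = {1: "data fork", 2: "resource fork", 9: "finder info"}


def appledouble_entries(blob):
    """Return the entry IDs declared in an AppleDouble header, or None if the
    blob is not AppleDouble. Header: magic(4) version(4) filler(16) count(2),
    then count * (id(4) offset(4) length(4)), all big-endian."""
    if len(blob) < 26:
        return None
    magic, _version, count = struct.unpack(">II16xH", blob[:26])
    if magic != APPLEDOUBLE_MAGIC:
        return None
    ids = []
    for i in range(count):
        off = 26 + 12 * i
        if off + 12 > len(blob):
            break  # truncated header: report what we could parse
        entry_id, _offset, _length = struct.unpack(">III", blob[off:off + 12])
        ids.append(entry_id)
    return ids


def looks_executable(head):
    """Classify the first bytes of a file; None means 'nothing suspicious'."""
    if head.startswith(b"#!"):
        return "shell script (#!)"
    if head[:4] in MACHO_MAGICS:
        return "Mach-O binary"
    return None


def scan_archive(zip_bytes):
    """Return a list of findings for entries whose extension looks harmless but
    whose content is executable. Each finding notes which AppleDouble
    metadata entries (if any) accompany the file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        for name in sorted(names):
            if name.startswith("__MACOSX/") or name.endswith("/"):
                continue  # metadata companions and directories are not payloads
            directory, base = posixpath.split(name)
            ext = posixpath.splitext(base)[1].lower()
            with zf.open(name) as fh:
                kind = looks_executable(fh.read(8))  # only the header is needed
            if not (kind and ext in SAFE_LOOKING):
                continue
            companion = posixpath.join("__MACOSX", directory, "._" + base)
            ad_ids = appledouble_entries(zf.read(companion)) if companion in names else None
            findings.append({
                "name": name,
                "reason": f"{kind} disguised as {ext}",
                "metadata": [AD_ENTRY_NAMES.get(i, str(i)) for i in (ad_ids or [])],
            })
    return findings


def build_appledouble(entries):
    """Build a minimal AppleDouble v2 blob from (entry_id, payload) pairs."""
    header = struct.pack(">II16xH", APPLEDOUBLE_MAGIC, APPLEDOUBLE_VERSION, len(entries))
    offset = 26 + 12 * len(entries)
    body = b""
    for entry_id, payload in entries:
        header += struct.pack(">III", entry_id, offset, len(payload))
        body += payload
        offset += len(payload)
    return header + body


def build_sample_archive():
    """Constructed sample (not a real malware sample): a harmless shell script
    named like a JPEG, with a Finder-info + resource-fork companion, beside a
    genuine PNG header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.jpg", "#!/bin/sh\necho 'this is where a payload would run'\n")
        zf.writestr("__MACOSX/._photo.jpg",
                    build_appledouble([(9, b"\x00" * 32), (2, b"RSRC placeholder")]))
        zf.writestr("real.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_archive(build_sample_archive()):
        print(finding)
```

To run it over a downloaded archive, pass `open(path, "rb").read()` to `scan_archive`. The check is deliberately conservative: it only reports files that both claim a harmless extension and carry executable content, and it lists the accompanying metadata so a reviewer can see whether an "open with" binding could have been attached. A file with a resource fork but ordinary content, or an executable with an honest extension, is not flagged.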
Final word
It's true that very few Apple worms exist. But it's also true, unfortunately, that many Mac users feel such superiority over Microsoft users and such invulnerability to threats that they fail to take even the most elementary steps to protect their systems. So while many Windows users can shrug off the latest Microsoft worm announcement because we have solid firewall and antivirus protection, even a weak worm could spread like wildfire through largely unprotected Mac systems.
I have nothing against Apple, other than the old single-sourcing problem (which would bother anyone who used to be a purchasing agent for a computer-based company). But it's only fair to point out that Apple may not be prepared to step up quickly enough if cyber-vandals really turn their attention to Macs.
For years, Apple has gotten away with its stated policy: "Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available." But I wonder just how long it can continue stonewalling as the platform comes under increasing threats. (You might almost call Apple's stand a bit Mickey Mouse — at least if you listen to Wall Street rumours that predict an Apple purchase of Disney.)
Talkback
Most of these are simply proof of concept and are not in the wild.
From using Safari over the past few days, we find that our ability to open webmail in Safari is 'frozen'. Click on your mail to open it, and nothing happens. This started happening Feb. 27/06 in Burnaby, B.C.
Professional?? What? You are the biggest idiot on the face of the planet. That has to be the very worst article I've ever read. Anyone who is unemployed needs to apply for this guy's job; no experience or intelligence needed, only the ability to use a word processor and talk utter crap!
You've obviously never used a Mac, let alone owned one. If you had, you'd find that Mac OS X is a Unix-based OS with the firewall turned on by DEFAULT. You'll also realise that these viruses were proof of concept, and that the iChat virus could only be transmitted via Bonjour. Bonjour allows devices on the same network to talk to one another; it does not facilitate Internet traffic. So the virus never hit the wild, and can't be spread across the Internet via iChat.
Apple has already patched the security vulnerabilities; in fact they were patched on the day your article was published.
An article on the education of social engineering attacks would have been a more intelligent way forward, and also advising Mac users to move their main account away from the administrator account that many OSX users use.
Instead you've blown everything out of proportion. No system is immune; I've yet to meet a Mac user who thinks their system is immune. In fact I think you'll find that Mac users are very security conscious; that's why they're using a Mac in the first place. You'll also find that many Mac users immediately update their software as soon as it is available in order to reduce the risks associated with potential vulnerabilities. You'll also find Apple are very quick to release security updates, much quicker than Microsoft. You'll also find that Mac users know that two proofs of concept and an already patched security flaw is a much safer bet than the thousands of viruses and holes present in Windows.
In answer to your argument that Apple Macs are only secure because they have a much smaller market share: so what! If that is the only reason why they are more secure, woopdy doo! That's as valid a reason as any to buy a Mac. Would you say 'I'm not going to move into that nice house in that quiet area of the town because it's a false sense of security, because the house is only secure because fewer criminals frequent this part of town'? Of course not; your arguments are nescient.
Also I think you'll find that there have been major security issues reported on the potential vulnerability caused by having Symantec's software on your computer. I'm also sure you're aware that a virus has to hit the wild before the antivirus software vendors can release an update to combat it, so this means that until security vendors can get a patch out there, everyone is at risk regardless of system platform. So as and when a real virus threat hits the wild, I think you will find that Mac users will then buy antivirus software; until then there is no point shelling out money on software that does nothing but protect idiots like you from having a virus passed onto you from a Mac, but obviously that isn't an issue for you because you are so secure behind your firewall.
Jason
Proof of concept at the moment but these attacks will without doubt become much more serious. All computer systems, without exception, are vulnerable. It's only common sense to do something about security on your Mac before a really serious threat develops.
I use Macs as well as PCs and I'm very conscious about security when using ANY computer, including Macs. However, contrary to what's asserted above, the majority of Mac users I know personally and those I come across professionally never really give it a second thought.
It's high time really that we could discuss these things without getting down to the level of the playground. I don't like seeing anyone getting their data or even their hardware trashed by some emotionally challenged cyber-vandal.
I have been reading ZDNet news daily for the past couple of years and have always found it to be a damn good source of info. Having been a Windows user all my life, I never really paid attention to Apple articles until I made the switch a few weeks ago.
OS X keeps on surprising me with the effortless and professional way it works; all Windows users should try it to see what a real operating system feels like.
Anyway, I am now a convert and have started paying attention to the Apple articles from ZDNet. I do now just for a laugh. They are so biased it is unbelievable; as a result I have lost all respect for this site. Every article is about how bad OS X is and how Windows is just as good if not better.
ZDNet, are you in Microsoft's pocket by any chance?
Shocking.