With the recent spate of Mac malware occurrences, including two variations which leveraged vulnerabilities in Java, it’s become a matter of necessity for Apple to be more proactive about OS X security. The company has decided to do so by enlisting the help of security company Kaspersky Labs, reports Computing.
After the Flashback malware was found to be affecting some 700,000 Macs, and fixes released by Apple have only slowly chipped away at the infections.
Kaspersky CTO Nikolai Grebennikov says that ”Mac OS is really vulnerable and Apple recently invited us to improve its security,” adding, “we’ve begun an analysis of its vulnerabilities, and the malware targeting it.”
Grebennikov says that Apple’s lack of ‘seriousness’ when it comes to security opened a way for the flashback vulnerability to spread, by blocking Oracle updates to Java and patching the browser plugin itself. By lagging on fixing a vulnerability, the systems opened themselves to attack.
He also makes an interesting statement about Apple’s mobile OS, saying “”Our experience tells us that in the near future, perhaps in a year or so, we will see the first malware targeting iOS.”
Since iOS is far more heavily protected by sandboxing and application silos than Mac OS X is, any malware affecting it would have to be extremely innovative in its construction.
Apple has said that it is working to attack the botnet that is spreading the infection. It has already released a patch to Java and a standalone removal tool to address the issue.
The fact that the numbers are not dropping as dramatically as it first seemed isn’t anything crazy to worry about, but it does show that Apple still has a lot of work to do to contain Flashback. All of this even as a new threat, in the SabPub backdoor infection, rears its head.
Hopefully, with the help of Kaspersky, Apple can be more proactive about addressing malware. Perhaps it can even come up with a native anti-malware (and anti-virus) solution that ships with OS X, providing an Apple-supported way to combat malware as Macs get more popular and become larger targets for hackers and exploits.
ICT4PE&D
No comments:
Post a Comment
Thank's!