Mac Security In Spotlight - MacBook Air Hacked, Apple Patch Times
The contest pitted a MacBook Air against a Vista laptop and an Ubuntu Linux laptop, all fully patched. None of the three laptops fell on the first day, when only attacks against the base OS were allowed for a prize of $20,000 (+ laptop). The MacBook Air reportedly took only 2 minutes to fall on day 2, when conference rules were relaxed to include all OS-bundled software for a prize of $10,000 (+ laptop).
Details of the exploit are under non-disclosure while Apple works on the issue, but the attack was leveled against Safari after the user was directed to a specially crafted website (as allowed by the rules). The exploit has been reported to be an overflow bug in WebKit.
The remaining two laptops survived the rest of the second day, but the Vista laptop fell the following day, after the rules were further relaxed to allow attacks on popular third-party applications and Adobe Flash Player was installed. The Linux laptop was not exploited.
While Apple is aware of and working on the vulnerability, a recent study has claimed that Apple's response time in patching such 0-day vulnerabilities lags significantly behind that of Microsoft.
The study, conducted by the Swiss Federal Institute of Technology, analyzed 658 vulnerabilities affecting Microsoft products and 738 affecting Apple, all of which were high and medium risk according to the National Vulnerability Database.
"Apple was below 20 [unpatched vulnerabilities at disclosure] consistently before 2005," [said researcher Stefan Frei]. "Since then, they are very often above. So if you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple." [...]
"We think that Apple had fewer vulnerabilities early on, and they were just surprised or not as ready or not as attentive," Frei said. "It looks like Microsoft had good relationships earlier with the security community."
Over the past few years, Microsoft has tried to cultivate a closer relationship with the security community in order to encourage researchers to give it a heads-up about software problems. Apple, however, doesn't appear to have that same sort of engagement yet, and, "based on our findings, this is hurting them," Frei said.
A spot-check of security firm Secunia's statistics shows that 6% of 113 bugs found in Apple's Mac OS X operating system from 2003 to 2008 remain unpatched.
Top Rated Comments
If Apple's OS X is so secure, why are these hackers saying that it's the easiest OS to hack?
Because OSX's "security" relies on the fact that it takes up only about 7% (or is it 8% now?) marketshare.
A man in camouflage is less likely to be shot than a man in a neon jumpsuit.
EDIT: aaaaand start the flame wars. (Just reread my post and realized it's going to offend 90% of the people reading it.)
some people are using many different excuses for this but the fact is that no excuse can excuse the fact that our osx is not that secure. i don't care if the guy spent two years finding this hole, he found it and it made safari fall and that led to osx going down.
i hope that apple stops this silly advertising smear campaign to make their os look bulletproof when it has been shown time and time again to not be bulletproof but rather just well done.
the numbers that come in are more and more scary - we need less focus on just designability and usability but proper security, proper security, not advertising security.
Personally though, I have no anxiety over someone hacking into my machine.
Apple has been making **** software and **** computers ever since they decided to put all their focus on the iPod and the impressive iPhone. They have limited resources. Since iPod became huge not ONE SINGLE hardware release did not have at least one recall on one of its parts in the following 15 months.
10.5 was a colossal technical failure. Every software is buggy. Maybe it's time they separated the 2 businesses and start making really good computers that work for years again.
The lesson learned as I see it (and always have).
Don't go to sites that look seedy and don't download/open things you don't trust.
I will still stand by OS X as a very secure OS. User error and applications are the weak point.
Because OSX's "security" relies on the fact that it takes up only about 7% (or is it 8% now?) marketshare.
A man in camouflage is less likely to be shot than a man in a neon jumpsuit.
EDIT: aaaaand start the flame wars. (Just reread my post and realized it's going to offend 90% of the people reading it.)
i hear the only 8% argument so much... it may have some credibility.
BUT... ok so the MAJORITY of hackers won't bother to hack macs simply because they can only attack a small 8% marketshare. Thing is, EVENTUALLY a hacker is gonna say "I'm gonna hack OS X for fun!"
in THAT case... don't you think we'd begin hearing problems of macs being hacked? Honestly other than in hacking contests and such, I've NEVER heard of a mac being hacked in a normal-life situation. Can anyone explain that? Considering AT LEAST one hacker would decide to either try to challenge himself, or try to be one of the only hackers attacking macs.
i posted about this in macnn.com and got slathered in hot boiling oil. it seems that they with a cooler website are a bit more scathing. anyway, yeah i am upset.
pretending I didn't hear the "cooler website" part, but either way, no burning hot oil should be poured here.