Apple Invites Kaspersky Lab to Consult on OS X Security Issues [Updated: No]
Speaking exclusively to Computing, Kaspersky CTO Nikolai Grebennikov said his firm had recently begun the process of analysing the Mac OS platform at Apple's request.Grebennikov believes that Apple "doesn't pay enough attention to security", citing the Java vulnerability that led to hundreds of thousands of Flashback malware infections. That vulnerability was patched by Oracle before the outbreak, but Apple did not issue its own update to close the hole in time.
"Mac OS is really vulnerable," he claimed, "and Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities, and the malware targeting it," said Grebennikov.
Grebennikov also notes that it is only a matter of time before malware begins showing up on iOS devices, believing that such threats will appear within the next year or so. Apple's "walled garden" approach of restricting application installation to software available through the App Store has allowed the company to minimize such threats for the time being, but Grebennikov argues that malware creators will find their way in and that Apple needs outside security expertise to help manage those threats due to its relative inexperience in the field.
Update: Kaspersky Lab has provided clarification to Engadget, claiming that Grebennikov's comments were taken out of context and that Apple has not invited Kaspersky to perform any security investigations.
On Monday, April 14, computing.co.uk published an article titled "Apple OS 'really vulnerable' claims Kaspersky Lab CTO" that includes an inaccurate quote regarding Apple and Kaspersky Lab. The article reports that Kaspersky Lab had "begun the process of analyzing the Mac OS platform at Apple's request" to identify vulnerabilities. This statement was taken out of context by the magazine – Apple did not invite or solicit Kaspersky Lab's assistance in analyzing the Mac OS X platform. Kaspersky Lab has contacted computing.co.uk to correct its article.Kaspersky's analysis is being undertaken at its own initiative, although Apple has reportedly indicated that it is "open to collaborating" on any new issues Kaspersky discovers.