Computing.co.uk reports on comments from the Chief Technology Officer of Russian security firm Kaspersky Lab, who claims that his firm has been invited by Apple to probe security issues on OS X and to assess the platform's vulnerabilities.
Speaking exclusively to Computing, Kaspersky CTO Nikolai Grebennikov said his firm had recently begun the process of analysing the Mac OS platform at Apple's request.
"Mac OS is really vulnerable," he claimed, "and Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities, and the malware targeting it," said Grebennikov.
Grebennikov believes that Apple "doesn't pay enough attention to security", citing the Java vulnerability that led to hundreds of thousands of Flashback malware infections. That vulnerability was patched by Oracle before the outbreak, but Apple did not issue its own update to close the hole in time.
Grebennikov also notes that it is only a matter of time before malware begins showing up on iOS devices, believing that such threats will appear within the next year or so. Apple's "walled garden" approach of restricting application installation to software available through the App Store has allowed the company to minimize such threats for the time being, but Grebennikov argues that malware creators will find their way in and that Apple needs outside security expertise to help manage those threats due to its relative inexperience in the field.
Update: Kaspersky Lab has provided clarification to Engadget, claiming that Grebennikov's comments were taken out of context and that Apple has not invited Kaspersky to perform any security investigations.
On Monday, April 14, computing.co.uk published an article titled "Apple OS 'really vulnerable' claims Kaspersky Lab CTO" that includes an inaccurate quote regarding Apple and Kaspersky Lab. The article reports that Kaspersky Lab had "begun the process of analyzing the Mac OS platform at Apple's request" to identify vulnerabilities. This statement was taken out of context by the magazine – Apple did not invite or solicit Kaspersky Lab's assistance in analyzing the Mac OS X platform. Kaspersky Lab has contacted computing.co.uk to correct its article.
Kaspersky's analysis is being undertaken at its own initiative, although Apple has reportedly indicated that it is "open to collaborating" on any new issues Kaspersky discovers.
Top Rated Comments
I'm sure Apple is paying them handsomely.
If this is so, why have most recent Mac exploits come in by way of plug-ins like Java or Flash? (And the rest have been social exploits, not technical ones.)
I'm not saying Apple doesn't need to work on these problems, I'm just saying that I wouldn't describe that as the "Mac OS" being vulnerable. Rather, it seems to me that the Mac OS is pretty darned secure if exploiters are having to attack it in roundabout ways such as that.
The Mac and iOS ecosystems are certainly vulnerable and need protecting. But the OS itself seems be doing ok to me.
I always have a suspicious feeling that there AV companies themselves plant viruses to help their cause!
again I know apple will grow bigger into the consumer and business market and will become MORE of a target... but again I have my suspicions.
I switched to mac back in 05 and never looked back - so its been a great 7 years of NO AV software and i want it to continue this way.
can't even trust these AV companions anyway thats to Norton and Sonys root kit.
The Deathstar only had 1 Weakness ;)
Don't say that! You'll invoke the wrath of GGJstudios! :D
Interesting.
A while ago I relayed a story on MacRumors about meeting a friends friend who worked in marketing for MacAfee. We were at a wedding talking about our jobs, and I jokingly asked who are all these people that code viruses and how do they make a living to support themselves as it takes a lot of time, are they MacAfee and Norton employees throwing out security breaches to create product demand? We laughed, but he kind of half heartedly chuckled and winked. We got a little quiet at that point :).