Apple Invites Kaspersky Lab to Consult on OS X Security Issues [Updated: No]

Monday May 14, 2012 8:34 am PDT by Eric Slivka
Computing.co.uk reports on comments from the Chief Technology Officer of Russian security firm Kaspersky Lab, who claims that his firm has been invited by Apple to probe security issues on OS X and to assess the platform's vulnerabilities.
Speaking exclusively to Computing, Kaspersky CTO Nikolai Grebennikov said his firm had recently begun the process of analysing the Mac OS platform at Apple's request.

"Mac OS is really vulnerable," he claimed, "and Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities, and the malware targeting it," said Grebennikov.
Grebennikov believes that Apple "doesn't pay enough attention to security", citing the Java vulnerability that led to hundreds of thousands of Flashback malware infections. That vulnerability was patched by Oracle before the outbreak, but Apple did not issue its own update to close the hole in time.

Grebennikov also notes that it is only a matter of time before malware begins showing up on iOS devices, believing that such threats will appear within the next year or so. Apple's "walled garden" approach of restricting application installation to software available through the App Store has allowed the company to minimize such threats for the time being, but Grebennikov argues that malware creators will find their way in and that Apple needs outside security expertise to help manage those threats due to its relative inexperience in the field.

Update: Kaspersky Lab has provided clarification to Engadget, claiming that Grebennikov's comments were taken out of context and that Apple has not invited Kaspersky to perform any security investigations.
On Monday, April 14, computing.co.uk published an article titled "Apple OS 'really vulnerable' claims Kaspersky Lab CTO" that includes an inaccurate quote regarding Apple and Kaspersky Lab. The article reports that Kaspersky Lab had "begun the process of analyzing the Mac OS platform at Apple's request" to identify vulnerabilities. This statement was taken out of context by the magazine – Apple did not invite or solicit Kaspersky Lab's assistance in analyzing the Mac OS X platform. Kaspersky Lab has contacted computing.co.uk to correct its article.
Kaspersky's analysis is being undertaken at its own initiative, although Apple has reportedly indicated that it is "open to collaborating" on any new issues Kaspersky discovers.

[ 133 comments ]

Top Rated Comments

(View all)

Avatar
lunarworks
100 months ago
Why would a company that sells anti-malware solutions want to help make an OS more secure?
Rating: 39 Votes
Avatar
PurrBall
100 months ago

Why would a company that sells anti-malware solutions want to help make an OS more secure?


I'm sure Apple is paying them handsomely.
Rating: 27 Votes
Avatar
Small White Car
100 months ago
I'm always a bit confused by phrases like "Mac OS is really vulnerable."

If this is so, why have most recent Mac exploits come in by way of plug-ins like Java or Flash? (And the rest have been social exploits, not technical ones.)

I'm not saying Apple doesn't need to work on these problems, I'm just saying that I wouldn't describe that as the "Mac OS" being vulnerable. Rather, it seems to me that the Mac OS is pretty darned secure if exploiters are having to attack it in roundabout ways such as that.

The Mac and iOS ecosystems are certainly vulnerable and need protecting. But the OS itself seems be doing ok to me.
Rating: 24 Votes
Avatar
holmstockd
100 months ago
I know there are hackers but...

I always have a suspicious feeling that there AV companies themselves plant viruses to help their cause!

again I know apple will grow bigger into the consumer and business market and will become MORE of a target... but again I have my suspicions.

I switched to mac back in 05 and never looked back - so its been a great 7 years of NO AV software and i want it to continue this way.

can't even trust these AV companions anyway thats to Norton and Sonys root kit.
Rating: 21 Votes
Avatar
Dr McKay
100 months ago

Really vulnerable with less than 5 known threats? :rolleyes:


The Deathstar only had 1 Weakness ;)

I thought Macs couldn't get viruses. :o


Don't say that! You'll invoke the wrath of GGJstudios! :D
Rating: 19 Votes
Avatar
3282868
100 months ago

Grebennikov also notes that it is only a matter of time before malware begins showing up on iOS devices, believing that such threats will appear within the next year or so.


Interesting.

A while ago I relayed a story on MacRumors about meeting a friends friend who worked in marketing for MacAfee. We were at a wedding talking about our jobs, and I jokingly asked who are all these people that code viruses and how do they make a living to support themselves as it takes a lot of time, are they MacAfee and Norton employees throwing out security breaches to create product demand? We laughed, but he kind of half heartedly chuckled and winked. We got a little quiet at that point :).
Rating: 17 Votes
Avatar
Thiemo
100 months ago

Really vulnerable with less than 5 known threats? :rolleyes:


Vulnerability isn't defined by the number of different threats present but by the susceptibility to any – even hypothetical! – possible threats!

It's not the number of attackers in front of the city walls! It's the number and size of holes in the walls! The absence of attackers don't negate the holes away!
Rating: 16 Votes
Avatar
djrod
100 months ago
Really vulnerable with less than 5 known threats? :rolleyes:
Rating: 15 Votes
Avatar
mrgraff
100 months ago

Why would a company that sells anti-malware solutions want to help make an OS more secure?


They'll never run out of PC customers.
Rating: 12 Votes
Avatar
Sardonick007
100 months ago
Translation

...Windows is no longer the only game in town and Mac's popularity means we can (anti-virus vendor) have an untapped, virgin market to exploit..err, protect.
In other news, an apple a day keeps the **** away, mostly.
Rating: 12 Votes

[ Read All Comments ]