A security researcher who was part of the team that found the first iPhone security flaw has announced that he believes that “Macs are as easy to hack as they are to use.” This is causing an uproar in the Apple community, which has long believed that Apple’s computers were somewhere between hardened and hackproof. The unfortunate truth of the matter is that some software running on even newer versions of Mac OSX are running older versions of some software, versions that have known vulnerabilities and could be used as attack vectors.
These claims are certainly nothing new, as SANS reported in May of 2006 that Mac vulnerabilities were on the increase, saying:
“Just because you use a Macintosh, don’t think you’re any more secure than a Wintel user. A sharp increase in the number of flaws being discovered in Mac OS X suggests that the Apple operating system may soon be every bit as prone to malicious attacks as Windows systems.”
Even when Apple patches its systems, it tends to be more secretive than other companies, leading to frustration on the part of security researchers who sit on undisclosed bugs while Apple finds time to patch them. Even the most mundane of Apple products, the Nike+iPod Sport Kit, has been found to be lacking basic cryptographic tools that could thwart someone trying to use the kit for surveillance.
Honestly, as far as I am concerned, Mac has its place and does a good job in that space. I have an eMac in my living room for Web browsing and child entertainment, but our other computer (and everything I deal with at work) is PC. When it comes down to it, I don’t worry because I follow (and have taught my wife to follow) some basic guidelines about life on the Web (don’t download things from organizations you haven’t heard of, discard even remotely suspicious e-mail, etc.) that, along with our trusty Linksys router, have kept us free from viruses and hacks for a decade.
Do you worry more about vulnerabilities on PC or Mac? Has Apple or Microsoft done more to improve the security of their operating system and applications? Why does Apple choose to be so secretive about potential security flaws? Do you trust Apple when it comes to security?