It’s been an impressively quiet year so far on the PC virus
and worm front, and hackers seem to be focusing their attention elsewhere. One
such area is Apple’s Mac OS X. Once mostly ignored by malware developers, there
appears to be a growing interest in this “alternative” OS.


Have you noticed the dearth of serious PC virus and worm
threats out there lately? Well, it isn’t a figment of your
imagination—according to, viruses are no
longer the top security threat

While serious attacks are still likely to emerge, the bottom
has apparently fallen out of the PC antivirus market—just as Microsoft begins a
big push into the security market. One cause of this drop-off is solidifying
defenses, which have led vandals to focus more on IM and phishing attacks.

But another reason is the increase of hacker interest in
Macintosh—specifically, Apple’s OS X, at least according to McAfee’s AVERT Labs. Apple
may have left 1984 behind, but it’s facing a brave new world of threats.

McAfee reports that 76 Apple-directed viruses emerged between
1987 and the start of this year. That’s certainly an excellent reason for Apple
to run TV ads touting its superior security and a good reason for Apple users
to be smug.

But that may all be about to change. The number of newly
discovered Mac OS X vulnerabilities has surged by more than 220 percent
(annualized) from 2003 to 2005. Compare that to an 80 percent increase in the
number of Windows vulnerabilities.

Of course, McAfee is in the business of selling antivirus software,
so it’s important to take its reports with a grain of salt (as with any antivirus
vendor). However, it should be obvious to anyone that OS X’s growing popularity
on Apple computers has helped boost the level of known vulnerabilities.

But just because an antivirus vendor reports the numbers
doesn’t mean they aren’t true. For example, consider the company’s March 2006
patch, which addressed an unprecedented
20 new vulnerabilities
. According to McAfee, Apple’s Mac OS X is just as
vulnerable to attacks as the much more popular Windows platform.

One major concern is whether Apple is prepared to meet this
increasing level of attention from malware developers. It took years for
Microsoft to really come to grips with the mechanics of releasing warnings and
patches in a halfway decent way, and the number of attack vectors caused a lot
of the problem. Apple is facing a brave new world of its own, and it may not be
ready for the volume of threats that are developing.

Another big concern is just how many Mac users install
antivirus software and update it properly. While I certainly wouldn’t blame
most of them for ignoring the minor problems and avoiding the extra expense, this
could easily add to the problem as attack vectors multiply and actual attacks
increase exponentially.

To make an informed judgment on your own, I recommend
reading this McAfee
white paper PDF
about the emerging OS X threat. An interesting chart on
page four shows statistics on Apple vulnerabilities from Secunia, FrSIRT, and
the National Vulnerability Database.

While the numbers are still small when compared to Windows,
the trend is extremely worrying. For a summary of current Apple threats and
patches, Secunia’s Apple
Macintosh OS X Vulnerability Report
is easier to understand than any of the
“official” Apple sites I know.

Currently, there’s a critical, unpatched remote denial of service
and system access threat to Mac OS X. Secunia Advisory 19686 lists
these CVE references for the unpatched vulnerabilities: CVE-2006-1983, CVE-2006-1985, CVE-2006-1982, CVE-2006-1984, CVE-2006-1986, CVE-2006-1987, and CVE-2006-1988. The same bulletin lists Tom Ferris as the source
of the report and provides links to the original advisories.


The vulnerability definitely affects Macintosh OS X 10.4.6
and probably other versions as well.

Risk level

Secunia has rated this threat as highly critical.


Apple has not yet released a patch. Until one is available,
don’t open compressed archives or images from untrusted sources, and avoid
visiting untrusted Web sites.

Final word

For years, I’ve been reminding people that the product with
the biggest market share always gets the most attention, and that’s a major reason
for Windows’ propensity to be a target. I’ve also said that UNIX—and Apple in particular—was
mostly safe because it was an obscure target.

However, this is no longer the case. It’s time for security
professionals to begin addressing the probable complacency among end users in
graphics departments or elsewhere in the company, who have been largely
ignoring security threats.

Miss a column?

Check out the IT Locksmith Archive,
and catch up on the most recent editions of John McCormick’s column.

Want to stay on top of
the latest security updates? Automatically
sign up for our free IT Locksmith newsletter
, delivered each Tuesday!

John McCormick is a
security consultant and well-known author in the field of IT, with more than
17,000 published articles. He has written the IT Locksmith column for
TechRepublic for more than four years.