X marks the spot: Hackers turn attention to Apple's OS

Hackers are increasingly focusing on Apple's Mac OS X, and the number of newly discovered vulnerabilities has surged. Such a switch could mean big implications for Apple's user base, which has traditionally not had to concern itself too much over security. John McCormick has the details in this edition of the IT Locksmith.

It's been an impressively quiet year so far on the PC virus and worm front, and hackers seem to be focusing their attention elsewhere. One such area is Apple's Mac OS X. Once mostly ignored by malware developers, there appears to be a growing interest in this "alternative" OS.


Have you noticed the dearth of serious PC virus and worm threats out there lately? Well, it isn't a figment of your imagination—according to vnunet.com, viruses are no longer the top security threat.

While serious attacks are still likely to emerge, the bottom has apparently fallen out of the PC antivirus market—just as Microsoft begins a big push into the security market. One cause of this drop-off is solidifying defenses, which have led vandals to focus more on IM and phishing attacks.

But another reason is the increase of hacker interest in Macintosh—specifically, Apple's OS X, at least according to McAfee's AVERT Labs. Apple may have left 1984 behind, but it's facing a brave new world of threats.

McAfee reports that 76 Apple-directed viruses emerged between 1987 and the start of this year. That's certainly an excellent reason for Apple to run TV ads touting its superior security and a good reason for Apple users to be smug.

But that may all be about to change. The number of newly discovered Mac OS X vulnerabilities has surged by more than 220 percent (annualized) from 2003 to 2005. Compare that to an 80 percent increase in the number of Windows vulnerabilities.

Of course, McAfee is in the business of selling antivirus software, so it's important to take its reports with a grain of salt (as with any antivirus vendor). However, it should be obvious to anyone that OS X's growing popularity on Apple computers has helped boost the level of known vulnerabilities.

But just because an antivirus vendor reports the numbers doesn't mean they aren't true. For example, consider the company's March 2006 patch, which addressed an unprecedented 20 new vulnerabilities. According to McAfee, Apple's Mac OS X is just as vulnerable to attacks as the much more popular Windows platform.

One major concern is whether Apple is prepared to meet this increasing level of attention from malware developers. It took years for Microsoft to really come to grips with the mechanics of releasing warnings and patches in a halfway decent way, and the number of attack vectors caused a lot of the problem. Apple is facing a brave new world of its own, and it may not be ready for the volume of threats that are developing.

Another big concern is just how many Mac users install antivirus software and update it properly. While I certainly wouldn't blame most of them for ignoring the minor problems and avoiding the extra expense, this could easily add to the problem as attack vectors multiply and actual attacks increase exponentially.

To make an informed judgment on your own, I recommend reading this McAfee white paper PDF about the emerging OS X threat. An interesting chart on page four shows statistics on Apple vulnerabilities from Secunia, FrSIRT, and the National Vulnerability Database.

While the numbers are still small when compared to Windows, the trend is extremely worrying. For a summary of current Apple threats and patches, Secunia's Apple Macintosh OS X Vulnerability Report is easier to understand than any of the "official" Apple sites I know.

Currently, there's a critical, unpatched remote denial of service and system access threat to Mac OS X. Secunia Advisory 19686 lists these CVE references for the unpatched vulnerabilities: CVE-2006-1983, CVE-2006-1985, CVE-2006-1982, CVE-2006-1984, CVE-2006-1986, CVE-2006-1987, and CVE-2006-1988. The same bulletin lists Tom Ferris as the source of the report and provides links to the original advisories.


The vulnerability definitely affects Macintosh OS X 10.4.6 and probably other versions as well.

Risk level

Secunia has rated this threat as highly critical.


Apple has not yet released a patch. Until one is available, don't open compressed archives or images from untrusted sources, and avoid visiting untrusted Web sites.

Final word

For years, I've been reminding people that the product with the biggest market share always gets the most attention, and that's a major reason for Windows' propensity to be a target. I've also said that UNIX—and Apple in particular—was mostly safe because it was an obscure target.

However, this is no longer the case. It's time for security professionals to begin addressing the probable complacency among end users in graphics departments or elsewhere in the company, who have been largely ignoring security threats.

Miss a column?

Check out the IT Locksmith Archive, and catch up on the most recent editions of John McCormick's column.

Want to stay on top of the latest security updates? Automatically sign up for our free IT Locksmith newsletter, delivered each Tuesday!

John McCormick is a security consultant and well-known author in the field of IT, with more than 17,000 published articles. He has written the IT Locksmith column for TechRepublic for more than four years.