Menu

ARCHIVE

Apple's OS X Suddenly Not So Secure After All

A serious new vulnerability in Apple Computer Inc.'s Safari Web browser and new worms that target Apple's OS X operating system have raised awareness of the growing number of threats to computers that do not run the Windows operating system.

Security and anti-virus companies issued advisories Feb. 21 about a dangerous new hole in the Safari browser that could enable attackers to install malicious code on Apple OS X systems without any user interaction.

The warnings follow news of a slew of malicious code for OS X in the last week, including new worms known as "Leap" and "Ingtana."

The new threats may change the way that some Internet users, especially those on the Mac platform, view security, said Graham Cluley, senior technology consultant at anti-virus company Sophos PLC in the United Kingdom.

The Safari Web browser flaw is in a feature called Open Safe Files that is enabled by default.

That feature allows files such as ZIP archives and movie files to be opened and viewed automatically.

Attackers could use a security hole in the feature to run malicious programs on OS X systems without any input from the computer user, according to Johannes Ullrich, CTO of The SANS Internet Storm Center.

"It's pretty serious. It's extremely trivial to exploit," he said.

No attacks that target the hole had been identified as of Tuesday, but malicious hackers could easily use it to place malicious programs on Mac systems, or take information from those systems, Ullrich said.

"Apple takes security very seriously," a spokesperson told eWEEK. "We're working on a fix so that this doesn't become something that could affect customers."

The company advises Mac users to only accept files from vendors and Web sites that they know and trust, the spokesperson said.

News of the Safari hole follows a parade of new, non-Windows attacks began on Feb. 16, when security experts identified Leap.A, the first virus for Apple's OS X operating system.

Leap spread over Apple's iChat instant message and prevented some Mac applications from loading.

A new OS X worm, named Ingtana, appeared Feb. 17, with two more variants cropping up on Feb. 21.

Ingtana is a proof of concept worm that spreads between Macs running OS X Version 10.4 over Bluetooth wireless connections.

The worm uses a known and patched Bluetooth hole called the OBEX Push vulnerability, according to anti-virus firm F-Secure Corp. in Helsinki, Finland.

The new threats are sowing confusion among Mac users unaccustomed to the drum beat of security warnings that Windows users have long since grown familiar with.

For example, Mac users were confused about the ISC's definition of "user interaction," in regard to the Safari hole, Ullrich said.

ISC defines "no user interaction" as an exploit that doesn't require the computer user take a specific action to get infected — like opening a file attachment or clicking a Web link.

However, Apple, like Microsoft, considers the phrase "no user interaction" to mean an exploit that can work even on a computer that is idle and unattended by a human, Ullrich said.

"It's an old issue on the Windows user side. They think [a threat] is not serious if it requires user interaction, like going to a malicious Web site," he said.

Apple Mac users have raised similar objections to Sophos over the company's descriptions of the Leap worm, Cluley said.

OS X users are a passionate — at times evangelical — group who sometimes construe security warnings about their operating system as dark plots from Windows-backers to discredit the platform, Cluley said.

"I think the problem is that people love Apple Macs. And they consider them superior to Windows. It's a minority choice, but one [Mac users] want to defend," he said.

Apple OS X has considerable security features built in, including a firewall and automatic update features that only recently became standard on the Windows platform, Ullrich said.

OS X also segregates user roles better than Windows, so that a user is less likely to be logged on as an administrator who can take any action on the operating system, he said.

Still, the string of security warnings will prompt some to reevaluate the security posture of Macs, Ullrich said.

"I think Mac users are having growing pains. They're realizing that they're vulnerable, too," he said.

Anti-virus vendors cautioned that the new threats were of little concern to most Internet users.

"This is really a warning shot across the bow. It's not something that going to cause serious problems to anyone," said Cluley.

Mac OS X users should start doing things that have been advised for Windows users for years: download and install regular security updates, use a desktop firewall and install anti-virus software, Cluley said.

"The chance of encountering any of these [OS X] threats is low. But that doesn't mean you don't have to take security seriously," he said.

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.

Copyright © 2006 Ziff Davis Media Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Media Inc. is prohibited.