Mac Attack — We’re Not Talking Hamburger

A flaw in QuickTime, which comes bundled in the Mac operating system, exposes the MacBook to zero day attacks. And you thought only PCs were vulnerable, didn’t you? As I’ve written before [for example, see my post entitled “How Safe Is Your Mac? What Must You Do Now to Secure It?”] regarding the fact that the Mac has long been just as vulnerable as the PC, but it has had such a small market share it was not seen as a target of much opportunity. But as it has gained momentum, that has changed.

Of course, offering a $10,000 bounty to discover such a flaw tends to ratchet up the interest level quite a bit. TippingPoint, which sells intrusion prevention systems, had offered a $10,000 prize for a Mac zero-day vulnerability to make the CanSecWest contest in Vancouver, British Columbia more appealing to hackers. TippingPoint–part of 3Com–is soliciting hackers to report vulnerabilities in exchange for money. If a valid bug is found, TippingPoint will notify the maker of the flawed product and update its security products to protect users against exploitation of the flaw until an official patch is released.

Security monitoring company Secunia deems the flaw “highly critical,” one notch below its most serious rating. “This can be exploited to execute arbitrary code when a user visits a malicious Web site,” Secunia said.

Apple has declined to comment on the MacBook hack specifically. Further details on the flaw are being kept confidential until Apple patches it.

So what’s the real difference between the Apple and the PC? Both are vulnerable to serious security flaws. From the viewpoint of the marketplace, the biggest difference is that when a flaw is found which affects an Apple product, it’s addressed and fixed as a top priority. Microsoft, on the other hand, seems astonishingly indifferent and tends to deal with security exposures only when it is good and ready.


To return to the main page of the blog, click here. To return to the blog Index, click here.

WordPress Themes