A newly discovered hole in the Mac OS X operating system that could potentially allow hackers to access a users files—and even delete them—has raised fresh doubts about the security of the platform.
The issue revolves around two URI handlers, “help” and “disk.” The first allows any AppleScript on the users machine to be run, while the second allows users to mount a disk image automatically over a network. In theory, this allows malicious users to create a Web page that will either download a small disk image onto a Mac or mount it remotely, then execute an AppleScript on the mounted image, which could contain any Unix command— including ones to remove any file in the users Home directory. The flaw works with any browser, including Safari, Internet Explorer, and Firefox.
Apple representatives could not be reached for comment on the issue. One Mac user claimed he had alerted the company to the problem in February and has yet to receive a response. In the past, Apple has declined to offer any public comment on security holes until it has released a patch.
The news caps six weeks that have highlighted the potential for security flaws in OS X, raising questions over its reputation for being more secure than Windows. In April, anti-virus company Intego announced it had discovered what it claimed was “the first Mac OS X Trojan Horse,” called MP3Concept. However, the company received heavy criticism from users when it was revealed that no example of the Trojan, which exploited the potential for embedding code in the ID3 tag of an MP3 music file, had been found in the wild.
Last week, the British magazine MacWorld discovered the first genuine OS X malware, an AppleScript application disguised as a demo for Word 2004. The malware, dubbed AS.MW2004.Trojan by Intego, was a simple 108KB AppleScript that took advantage of AppleScripts ability to execute Unix applications, running a command to erase the users Home folder when opened.
Although the newly discovered hole represents bad news for Apple users, the platform still remains relatively unexploited compared with Windows. Commenting on the earlier Word Trojan, Denis Zenkin, head of corporate communications for Russian anti-virus company Kaspersky Labs, pointed to the sheer number of exploits, both simple and complex, for Windows compared with OS X: “During 15 years of our experience of battling against viruses we have accumulated hundreds of such Trojans for Windows.”
Nik Rawlinson, editor of MacUser magazine in London, said that the spate of security scares on the Mac was mostly hot air. “The Web went mad when news of the first Mac Trojan emerged and the usual pack of detractors came out to gloat,” he said. “For most of us, though, it was no surprise it turned out to be a lot of excitement over not very much at all. Mac OS X remains the most secure operating system you can buy.”
However, Thomas Kristensen, chief technology officer of security company Secunia, of Copenhagen, Denmark, cautioned Mac users against overconfidence about the level of security on OS X compared with Windows. “All operating systems and software have flaws, and its dangerous to categorize one OS as more secure than another.”
And, Kristensen said, the fact that Apple has concentrated on ease of use may well work against it in the security stakes. “Unless a system is built from the ground up with its focus on security, youre going to have plenty of holes. Apples focus with OS X is ease of use first and foremost.”