FireEye has found more than its fair share of zero-day vulnerabilities on Microsoft Windows platforms in recent years. Now, the security specialist is adding Apple’s desktop operating system to its purview, in a bid to find bugs in OS X.
The timing couldn’t be better. As Apple’s operating system adoption continues to grow, attackers are increasingly taking aim at Mac OS X. So far in October, one new malware threat dubbed “iWorm” has emerged against OS X.
FireEye is adding support for Apple Mac OS X on its Network Security Prevention (NX) and Forensic Analysis (AX) platforms.
The detection engine is not directly tied to an OS X endpoint agent, according to Ivan Oprencak, director of product marketing at FireEye. “The solution today is a network traffic approach,” Oprencak told eWEEK. “So if you’re browsing the Web and download something with malware inside of it, that malware will go through our MVX [Multi-Vector Virtual Execution] engine to detonate it.”
The FireEye Multi-Vector Virtual Execution (MVX) technology leverages a secure virtual environment to inspect and analyze code for potential malware. If code is deemed to be suspicious and potentially malicious, it can be blocked.
“MVX will detonate the exploit inside of a virtual machine that is running on the NX platform,” Oprencak said.
That said, there is a plan on FireEye’s road map to provide an endpoint product for Mac OS X machines at some point in the future, he added.
Early Results
FireEye has been testing its Mac support with beta customers and has seen some interesting initial results.
“There was no new malware discovered, but what we have detected is an average of 385 callbacks per customer, per month,” Oprencak said. “So there definitely was malware present.”
Callbacks are indicators of compromise, as the Macs were attempting to connect to some form of botnet command-and-control system, he said. For the most part, the malware that FireEye detected on its beta customers’ systems consisted of variants of the Mac Flashback Trojan.
Mac Flashback first emerged in 2012 as a Java-related exploit that at one point affected half a million Apple OS X users.
With support for Mac in the FireEye technology platform, Oprencak expects that more zero-days will now be discovered in OS X.
FireEye has a solid working relationship with Microsoft that it has used over the years to collaborate on issues affecting Windows users. The expectation is now to have a similar relationship with Apple.
“Our plan is to do the same thing we do with Microsoft, but Microsoft is fairly used to getting these kinds of reports,” Oprencak said. “It’s not clear yet how Apple will react.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.