Mac OS X Will Become a Target, Symantec Warns

Its only a matter of time before Apples newly redesigned Mac operating system becomes a happy hunting ground for malicious hackers, according to a research report from security vendor Symantec.

The Symantec Internet Security Threat Report, which tracked malicious hacker trends between July and December 2004, said increased sales of the low-priced Mac mini to less security-savvy computer users will lead to a bigger risk.

“Generally speaking, the Macintosh operating system has been relatively immune to malicious activity, particularly compared to other operating systems like Linux and Microsoft. With the introduction and popularity of Mac OS X, however, Apple has become a target for new attacks and vulnerabilities,” the report stated.

“Mac OS X has begun to not only capture the attention of users but of vulnerability researchers as well,” the report added.

Over the past year, Symantec Corp. said it documented 37 “high-severity vulnerabilities” in Mac OS X, noting that the security holes were confirmed—and patched—by the Cupertino, Calif.-based Apple Computer Corp.

“The appearance of a rootkit called Opener in October 2004 serves to illustrate the growth in vulnerability research on the OS X platform,” Symantec added.

/zimages/6/28571.gifRead more here about Apples recent Java patch for Mac OS X.

Additionally, the report said multiple remote and local vulnerabilities have been disclosed that affect both the server and desktop versions of OS X.

“The various OS X vulnerabilities allow attackers to carry out information disclosure, authentication bypass, code execution, privilege escalation, and DoS [denial of service] attacks,” Symantec added.

Over the last year, Apple has adopted a monthly security patching schedule, much like the updating cycle adopted by Microsoft Corp.

/zimages/6/28571.gifClick here to read Larry Seltzers opinion on Microsofts patch process.

During the six-month period, Symantec said flaws in the Apple windowing system and development kit and in the Apple default Apache configurations also had to be patched.

“Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code. Out of the public eye for some time, it is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various UNIX-based operating systems,” Symantec warned.

Symantec believes that as the popularity of Apples new platform continues to grow, so too will the number of attacks directed at it.

However, Symantec said that while the number of vulnerabilities in the Mac OS X will increase, they will likely be outnumbered by vulnerabilities in other operating systems for some time to come.

/zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.