As part of its current ad campaign, Apple suggests that Macs arent vulnerable to the same Internet security problems PCs are.
But according to a new study by security vendor Symantec, the number of vulnerabilities identified in Apples Safari browser in the first half of 2006 doubled over the prior six months—and it increased its window of exposure to Net-based exploits from zero days to five.
Microsofts Internet Explorer browser still has a longer window of exposure—the time between when code exploiting a vulnerability appears and when a fix is available—and a greater total number of security holes. But Apple “is headed in the opposite direction” with respect to its browsers vulnerability to Internet-based threats, says Dave Cole, director of Symantecs Security Response team.
Baseline contacted Apple last week requesting comment on the Symantec study, but the company did not provide a response by our Friday deadline.
The tenth edition of Symantecs twice-yearly Internet Security Threat Report, to be released Sept. 25, analyzes network-based attacks and known software vulnerabilities for the first six months of 2006.
According to the report, the window of exposure for Apples Safari browser increased from zero days in the second half of 2005 to five days in the first half of 2006. The number of vulnerabilities identified for Safari doubled, to 12 in the first half of 2006 compared with six the preceding six months.
Meanwhile, Internet Explorers window of exposure declined, from 25 days in the second half of 2005 to nine days in the first half of 2006. Vulnerabilities for IE increased for the most recent period, to 38 from 25. Cole says Microsoft cut IEs exposure window by issuing several “out-of-cycle” patches this year (Microsoft normally releases software updates once a month, on so-called Patch Tuesday).
