Share

Downloads

Related Links

  • Intego
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

  • iPhone banking trojan creates botnet from Apple devices
    A third piece of iPhone malware has appeared, pushing the envelope further than ever before by creating a botnet of infected devices and acting as a banking trojan.
  • The iPod and iPhone could be used for hacking
    Applications on the Apple iTunes website are arguably what makes the iPhone so popular in mobile phone circles, but a growing number of users are unlocking (jailbreaking) their iPhones, for the simple reason that it opens up the mobile to third-party applications. This means the iPod and iPhone could be used for hacking.
  • Apple moves swiftly to fix iPhone security flaws
    A potentially serious iPhone security flaw identified by researchers at the Black Hat security briefings in Las Vegas last week has been quickly patched by Apple Computer.
  • Apple claims unlocking iPhones could knock out cell sites
    Apple has reportedly caused a stir in copyright circles over claims that unlocking its iPhone handset from the partner network could cause the mobile to crash cellular base stations and even allow users to make free phone calls.
  • Black Hat: major iPhone hack to be revealed today
    You could never describe the Apple iPhone as totally secure, given the number of jailbreaks that crackers have developed to unlock the popular handset from its partner networks, but researchers at the Black Hat security conference are scheduled to reveal a serious chink in the mobile's armour today.
  • iPhone may be weak link in company information security defences
    Research commissioned by DeviceLock, the end point security company, claims to show that many firms are failing to act on the information security risks that the Apple iPhone poses to their IT resources.
  • Apple releases Safari 4.0 to counter security flaws
    Apple Computer has released v 4.0 of its increasingly popular Safari web browser for Windows and Mac OSX-based computers. The release counters the recent security flaws reported in CFNetwork, CoreGraphics, ImageIO, International Components for Unicode, libxml, Safari, Safari Windows Installer, and webKit

Top 5 Stories

News

Security and malware threats to Mac and Apple products are on the rise

27 January 2010

An annual report from security software provider Intego acknowledges it was a busy year for security threats to Apple devices, including the Mac OS X and iPhones. And while the Mac OS may be a less frequent target of malware authors, security threats to Apple products are proliferating as these devices land in the hands of more and more users.

It did not take long in 2009 for Mac-targeted malware to surface and compromise security, according to the report by Intego. Malware authors directed their efforts at Apple’s iWork ’09 software shortly after its release in January. “The iServices Trojan Horse was provided as an additional installation package inside an installer for iWork found on BitTorrent trackers and other sites containing links to pirated software,” the report suggests.

Intego’s data show that approximately 20 000 users had downloaded the infected image from these BitTorrents, causing the iServices Trojan to open “a backdoor on infected Macs,” and connecting them to “remote servers to download new code. It was actively used as part of a botnet that was involved in DDos attacks.”

Other malware threats targeting Apple products in 2009 included Trojans for Adobe Photoshop CS4 for Mac, and the April discovery of proof-of-concept malware named Torred.A. This malware targeted user’s address books and distributed copies of the malware to the user’s recent email recipients.

A deluge of security threats were aimed at the Mac OS X in 2009, especially when compared with previous years. While the Intego report admits that the Mac OS X is “more secure than Windows,” the company cautioned that the Mac OS contains a number of flaws that required Apple to issue numerous security updates throughout the year. Among the 2009 patches: flaws in web browser Safari’s handling of RSS feeds, among 50 other Safari security problems fixed during the year; patches for PDF vulnerabilities; patches for an iTunes security threat in March and September; numerous patches for QuickTime flaws/bugs in June and September; and an August security update for the Apple GarageBand program.

This series of security threats – combined with the fact that Apple products are being increasingly targeted by malware authors due to its increasing market share – led Apple to break with its claims that malware presents no real threat to Mac operating systems. Mac products now include a security disclaimer acknowledging that “no system can be 100 percent immune from every threat,” and that “antivirus software may offer additional protection.”

“Mac market share is increasing”, an Intego spokesperson told Infosecurity, “and Mac users are less security-savy than Windows users.” When asked if Mac users are no longer immune to the malware security threat, the same spokesperson was rather blunt: “No, and they haven’t been for years”, further adding that these types of security threats are “the norm now for Macs.”

Intego was not surprised by this security threat admission from Apple, and the company was quick to criticize the Mac’s new built-in anti-malware features. According to Intego, the security features for the new Snow Leopard operating system had “limited scope and effectiveness”, especially in light of the fact that the anti-malware features “only scanned files downloaded with a handful of applications, only when those files were double-clicked or opened, and only scanned for two Trojan horses.”

As for iPhone security, Intego would not speculate as to the nature of specific threats that may target the device in 2010. Its report reviewed several iPhone security issues from the past year, nearly all stemming from users that “jailbroke” their phones, meaning that they removed Apple’s restrictions on installing third-party applications that are not provided via the iTunes store. Intego notes that, for the time being, “the iPhone, unless jailbroken, has not seen any malware, though there have been vulnerabilities that have required security updates for the iPhone OS.”

When asked how users could protect their iPhones from security threats, Intego’s response was straightforward: tell users “don’t jailbreak their iPhone.”

This article is featured in:
Application Security  •  Internet and Network Security  •  Malware and Hardware Security  •  Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×