Just because you use a Mac, don't think you're any more secure than a Wintel user.
A sharp increase in the number of flaws discovered in Mac OS X suggests that the operating system from Apple Computer Inc. may soon be every bit as prone to malicious attacks as Windows, according to a report released last week by the SANS Institute, a Bethesda, Md.-based security training and research firm.
Mac OS X is still safer than Windows because its smaller installed base makes it a less attractive target for hackers. But the number of flaws discovered in OS X is leaving its reputation as a secure alternative to Windows "in tatters," according to the SANS semiannual update to its list of top Internet vulnerabilities.
"Users often feel invincible when they have their shiny silver-colored Apple and they are surfing the Web with it," said Ed Skoudis, a director at SANS. But that may be a mistake, because "there's a significant amount of research going on for security vulnerabilities in the Mac OS," he noted.
About 52 vulnerabilities were discovered in Mac OS X in 2005, and 17 have been uncovered so far this year, said Amol Sarwate, manager of the vulnerability management lab at Qualys Inc., a Redwood Shores, Calif.-based security service provider that contributed to the study.
The number of vulnerabilities reported last year was more than double the 2004 total of 24 flaws, Sarwate said. At least a third of the flaws uncovered over the past year or so were considered critical, Sarwate said. Within the past few months, Apple's Safari Web browser has also faced its first attack targeted at an unpatched vulnerability.
Apple's increasing market share and its decision to use Intel Corp. chips have drawn increased hacker attention to OS X, Skoudis said. Similarly, Apple's new Boot Camp, which allows Intel-based Macintoshes to run Windows XP, has also raised its risk profile, he added. Apple did not respond to requests for comment by press time.
The SANS study also showed that while the Firefox browser is still somewhat safer than Microsoft Corp.'s Internet Explorer, it's no panacea. According to SANS, over the past six months, users of Firefox and Mozilla have had to patch a number of critical vulnerabilities.
At the same time, there appears to be a significant decline in vulnerabilities being reported in Windows services. But that decline has been offset by a sharp increase in client-side flaws, Sarwate said.