
Apple ranks first in software vulnerability

Discussion in 'Bar' started by slashvanyoung, Jul 22, 2010.

  1. slashvanyoung

    Secunia have released their half-annual top-ten of software vendors with the most vulnerabilities in their products.

    Apple comes in first this time:
    [​IMG]

    Major culprits for Apple achieving this questionable honour are vulnerabilities in Safari, iTunes and other applications.
     
  2. joeymusicguy

    this is pretty questionable in my opinion

    i've never seen malicious software on mac, and i've only heard of 1 or 2 questionable instances where someone was affected in some way
     
  3. Jarkko Mattheiszen

    It could very well be true, but the fact that Mac users are still a minority, and that the typical Mac user still differs a lot from the typical PC user (how many banks do you know that run on Macs? Or ISPs?), makes it quite an uninteresting target for the maliciously minded. We're pretty much safe because for now no one bothers to harass us :)
     
  4. slashvanyoung

    Yes exactly, not every vulnerability gets exploited. Secunia is known for delivering legit results.

    It's really not so much Mac OS, as it's basically as vulnerable as most major OSes, but their apps like Safari or iTunes, which are widespread throughout their devices.

    These results show that if Apple reaches bigger market shares, they will have to improve on their software's security as it's anything BUT more secure than that of other vendors (contrary to popular belief).

    This emphasizes how much the user's perceived security with Apple products depends on lack of attacks.
     
  5. -Gavin-

    Vulnerabilities != Malware/Virii

    Vulnerabilities can include exploitable holes in ANY software that can be remotely/locally exploited.

    The aim of the security industry is to find, disclose, patch before the bad guys do.

    OSX is BSD based and is as vulnerable as any OS. It is not programmed by gods... Apple make insecure programming mistakes too. You just don't hear about them on a mass scale like you do with Windows exploits because big business doesn't really use OSX for mission critical services.

    OSX is equally vulnerable, just no one really cares... 'cause people mostly hack Apple to prove a point rather than for any financial gain, since it is still, on the whole, a "home user" OS.

    Before James comes in and yells at me... How often do you see racks of OSX/Apple servers in organisations? That was my intent with this. Not saying OSX is less valid than anything else.... just it's not used in hacker-centric targets much.
     
  6. -Gavin-

    Ah. Jarkko covered my point already. :lol:
     
  7. James Murphy

    yada yada yada... been hearing these stories for years.... and the problems they portend just never seem to materialize.... so to me it really doesn't matter if the story is true or not.

    anyway, there have been enough mac haters out there for years now... really, it's waaay disproportionate to Apple's actual market penetration... so i just don't believe that no one is trying to propagate mac malware and viruses.... just don't buy that one.


    just to be crystal clear, i have already conceded that the story could be true... i'm non-committal on that point. I'm just saying that functionally, for me anyway, whether or not it's true makes no difference at all.
     
  8. Ermz

    There ye go. Their own real-world analysis of the results.

    Also:

     
  9. EerieVon

    There are a lot of things labeled as vulnerabilities that aren't exploitable per se. I am not defending Apple--not a fan. But everything has vulnerabilities, whether it be OSX, Linux, Windoze, etc. Windows just happens to have more written because they control more of the server and desktop markets, but there has been a rise in Apple-based vulnerabilities in recent months.
     
  10. -Gavin-

    The iPhone has had multiple "Malware" issues, even on unjailbroken phones.
    (http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-of-your-iphone/)

    The reason? It's a mainstream device.

    And to bring jailbreaking into it... Jailbreaking is a pretty extensive bootrom hack that has major effects on the device, positive or not is not an issue for debate... but for every iPhone version since around about 1.1.1, there have been gaping secure-design flaws that allow an ENTIRE COMPROMISE.
    Worse is they (Apple) have tried to combat it by fixing it with software updates just for a new one to be discovered, indicating that even when having a security hole rubbed in their face, they are just as inept as most other manufacturers at securing their products that consumers put their trust in.

    Again, this happens 'cause there is a tangible gain for attacking iPhone/iPods... the public use them on a large scale, unlike say Mac which is generally creative arts and home users (speaking generally, of course).

    And no, not every vulnerability is exploited but here is the kicker... Only a VERY SMALL percentage of vulnerabilities are disclosed to the vendors by security researchers. Many more are circulating unpatched in the cyber-criminal underworld being exploited for gain that will never be "reported". This is true for all OS/Devices/Security holes.

    ALWAYS assume that just because the public/vendors are not aware of any open critical vulnerabilities, it does not mean that they are not already being exploited by the bad guys.

    This notion that OSX is more secure than anything else is a joke.
     
  11. John_C

    What about Linux malware? Linux has a massive share in the web server market
     
  12. James Murphy

    Be that as it may Gavin, again... and as an iPhone owner in this case... i've yet to have any kind of issue any more serious than an application i downloaded turning out to suck. when this happens I delete it and move on. same with every other iPhone owner i personally know, at least insofar as they've bothered to tell me.

    I'm not doubting what you are saying... i mean, you say it with authority and your lingo sure makes it sound like you know what you're talking about, and i believe that on the technical side of things you do, but in my practical experience it's all just much ado 'bout nothing.

    i guess what i'm trying to say is that my 15 years of virtually trouble-free mac use has made far more of an impression on me than all your rhetoric thus far... irrespective of whether or not it's all true (and i'm not saying that i doubt any of it)... and considering that this track record appears to be continuing unabated, well... i guess i'll just have to learn the hard way. ;)

    FTR, i don't see that happening any time soon.
     
  13. Jarkko Mattheiszen

    Trust me, Gavin knows his shit. And he's a passionate lover!
     
  14. James Murphy

    and a very aromatic one as well, i hear, :lol:
     
  15. updog

    How do you rank stuff like this anyway? Why is Apple ranking first? And Mozilla doesn't have ANY vulnerabilities anymore, is that what that chart is saying?

    Well, I sure am glad I'm using Firefox. :lol:
     
  16. Jarkko Mattheiszen

    It's a small sacrifice for the endless nights of pleasure. Oh, wait, Apple vulnerabilities, yeah.

    From the chart it seems that we've been more vulnerable than Microsoft users since (at least) year 2005, with the exception of 2006, but as long as it doesn't show in my everyday Mac-using life, I'm content. I never said "MAC USARS ARE INVULNIRABILE LOL EAT SHITS MICORSOFT", but "These things haven't bothered me since I got a Mac." That's enough for me :)
     
  17. -Gavin-

    Malware is not just viruses or adware. The sooner people realise this, the sooner we can get more secure browsing standards in place.

    A security hole can be exploited by a one-shot script/program that causes a specific corruption and allows running of arbitrary code. This can be a python script that sends a buffer of a specific length over a socket that causes the program to crash in such a way that the first 4 bytes after the initial memory overrun can be sent as a memory address that points back to what is known as shellcode (placed exactly in the buffer by said attacker) and cause that to be executed, resulting in any number of attacker-chosen actions such as user add, send a cmd/bash shell back to the attacker (defeating NAT), open a port for another attack etc.

    These are not often "visible" to the user and can go entirely unnoticed, even by the most prudent system admin.

    What I described was a Buffer Overflow (Get used to learning how to calculate buffer sizes and mallocs in C when you start!) and is probably the simplest software based vulnerability to find/exploit.

    Here is a SMALL selection of publicly available exploits for OSX:
    http://www.exploit-db.com/platform/?p=osX

    Vulnerabilities are not just in the OS but are often found more commonly in third party software which is what makes a Mac just as (in)secure as any other machine.

    And yes, I just got done spending 6 hours discovering a hole in a Red Hat system and knocking up a python script that returned me a root bash shell as part of an exercise on a certification I am undertaking (In a lab).
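
The buffer-size checks that stop the kind of overflow described in the post above, as an added example that is not part of the original thread. The length-prefixed packet layout and the names `parse_name`, `alloc_array` and `NAME_BUF` are assumptions made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF 64 /* constructed destination size for this example */

enum parse_result { PARSE_OK, PARSE_TRUNCATED, PARSE_TOO_LONG };

/* Constructed wire format: 2-byte big-endian length, then that many bytes.
 * The overflow pattern trusts the sender:
 *     memcpy(out, pkt + 2, claimed);    // no check against out_size
 * Here the claimed length is checked against the bytes actually received
 * and against the destination size before anything is copied. */
enum parse_result parse_name(const uint8_t *pkt, size_t pkt_len,
                             char *out, size_t out_size)
{
    if (pkt_len < 2)
        return PARSE_TRUNCATED;
    size_t claimed = ((size_t)pkt[0] << 8) | pkt[1];
    if (claimed > pkt_len - 2)
        return PARSE_TRUNCATED;          /* header claims more than arrived */
    if (out_size == 0 || claimed > out_size - 1)
        return PARSE_TOO_LONG;           /* leave room for the terminator */
    memcpy(out, pkt + 2, claimed);
    out[claimed] = '\0';
    return PARSE_OK;
}

/* Size calculation for malloc: count * size can wrap around SIZE_MAX and
 * yield a buffer far smaller than the caller believes it has. */
void *alloc_array(size_t count, size_t size)
{
    if (size != 0 && count > SIZE_MAX / size)
        return NULL;
    return malloc(count * size);
}

int main(void)
{
    /* Constructed packet: header says 300 bytes, only 3 follow. */
    const uint8_t lying[] = { 0x01, 0x2c, 'a', 'b', 'c' };
    char name[NAME_BUF];
    printf("result=%d\n", parse_name(lying, sizeof lying, name, sizeof name));
    return 0;
}
```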
     
  18. James Murphy

  19. John_C

    This is really quite an amusing situation. Apple's protection is in its small user base. As they expand their user base they steadily lose one of their core advantages.
     
  20. -Gavin-

    It's what I do :lol:

    And the smell of those shoes still haunts me to this day :(
     
