
A recent Secunia study indicated that Apple had the most vulnerabilities of the major tech companies  (Source: Secunia)

Apple's Safari browser happily will fill in your personal info to malicious web forms. This glaring flaw can lead to an unacceptable breach of privacy.  (Source: Jeremiah Grossman)
"It just works." -- Apple slogan

Apple is known for its tendency to deny problems with its popular gadgets, making life miserable for customers when such problems occur.  While Apple's iPhone 4 antenna issues are currently stealing the show, there's perhaps no better example overall than Apple's spotty track record on security.

Security research firm Secunia just released a list of vulnerabilities, and Apple has for the first time come out on top as the most vulnerable.  Secunia warns, "[The] graph is not an indication of the individual vendors’ security, as it is not possible to compare the vendors based on number of vulnerabilities alone."

Apple's supporters were quick to attack the report.  
AppleInsider writes:

Not all vulnerabilities are equal: Secunia outlines five levels of criticality ranging from minor "not critical" issues to "extremely critical" problems that can result in remote exploits without any interaction from the user, and for which active exploits are already known to exist. Yet Secunia's vulnerability report totals throw all these various types of flaws together into sums that are frequently used for meaningless comparison purposes. 

Ironically, another significant security flaw in Safari came to light almost simultaneously with the report.  Safari -- Apple's browser software -- has often seen releases so buggy that they were unusable.  Safari 5 certainly offered some improvements in that department, but it apparently doesn't fare particularly better in the security department than past releases, including Safari 4, which had a flaw so severe it prompted a Department of Homeland Security warning.

While the latest Safari bug isn't as bad as some exploits, considering it's not a route to installing malware, it can result in the theft of your personal info.  It all starts with one of Apple's features in Safari -- autofill.  Different from the standard browser autofill, which remembers usernames and passwords for certain sites, Safari has an even more ambitious autofill which maintains info about a user in their address book card and offers up these details when needed.

Unfortunately, Apple didn't appear to realize that it was necessary to screen what it allows to access this data.  Security researchers revealed that a simple web form can grab much of this data -- first name, last name, work place, city, state, and email address -- no questions asked.

Such info could be used in phishing schemes.  It could also be used in blackmail schemes if the users were visiting naughty websites.  Ultimately, it represents a gross threat to privacy that easily surpasses Apple's recent loss of iPad buyers' email addresses (a problem that was largely carrier AT&T's fault).  Apple was informed of the problem on June 17, 2010, but has since done nothing.

The flaw was discovered by Jeremiah Grossman, founder of WhiteHat Security.
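
From the defender's side, a site reviewer or filtering proxy can audit pages for forms that request the address-book fields listed above while keeping those inputs out of the user's view. The sketch below is an added example, not code from the article or from Grossman's research; the field-name fragments, the inline-style concealment heuristics and the sample page are all assumptions.

```python
from html.parser import HTMLParser
# Assumed heuristics: name fragments for the address-book fields the article lists,
# and inline-style fragments that keep an element out of the user's sight.
PERSONAL = ("first", "last", "name", "company", "city", "state", "email")
CONCEAL = ("display:none", "visibility:hidden", "opacity:0", "left:-", "top:-")

def concealed(style):
    s = (style or "").replace(" ", "").lower()
    return any(h in s for h in CONCEAL)

class AutofillAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.open = []      # (tag, concealed?) for every open ancestor element
        self.findings = []  # names of the suspicious inputs, in document order

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = concealed(a.get("style"))
        if tag == "input":
            name = (a.get("name") or a.get("id") or "").lower()
            fillable = (a.get("type") or "text").lower() in ("text", "email")
            personal = any(h in name for h in PERSONAL)
            if fillable and personal and (hidden or any(c for _, c in self.open)):
                self.findings.append(name)
        elif tag not in ("br", "img", "meta", "link", "hr"):  # void tags never close
            self.open.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating unclosed children.
        for i in range(len(self.open) - 1, -1, -1):
            if self.open[i][0] == tag:
                del self.open[i:]
                break

def audit(html):
    parser = AutofillAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
# Constructed sample page: one visible field, four concealed ones.
SAMPLE = """<form action="/subscribe">
  <input type="text" name="nickname">
  <div style="position:absolute; left:-9999px">
    <input name="firstname"><input name="company"><input type="email" name="email">
  </div>
  <input type="text" name="city" style="opacity: 0">
</form>"""
print(audit(SAMPLE))
```

The check only sees inline styles, so inputs concealed through external stylesheets or script would need a rendered-DOM audit instead.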

Security problems are hardly something new for Apple though.  The iPhone has increasingly been attacked.  One security researcher suggested its security was so poor that it was "useless" to businesses.  Apple has made some improvements with each release of its iPhone OS, but they didn't stop malicious worms from cropping up in the iPhone 3GS generation.

On the computer side, Apple also has had numerous past issues.  Weak memory protections in its past two operating systems -- Tiger and Snow Leopard -- have spawned a number of successful attacks.  Worse yet, Apple's latest OS -- Snow Leopard -- shipped with an outdated, vulnerable version of Adobe Flash.

Apple has made some gains -- its new OS does come with mild antivirus protections (though Apple quietly recommends users purchase dedicated AV software).  And the OS does offer working DEP (data execution prevention), though it ships with a virtually broken address space layout randomization (ASLR) implementation (which rival Microsoft's Windows 7 flawlessly implements).

Ultimately, though, what is really killing Apple is its slow patch time.  Apple's "there is no problem" mentality has made it the slowest company at patching, according to recent surveys.  It took Apple a year to patch a major Java hole, which it finally did last year (June).  Unfortunately, such performance is more the rule than the exception.

Comments

RE: Meanwhile in the real world....
By themaster08 on 7/25/2010 4:21:58 AM , Rating: 2
In reality using a Mac is much safer than using a Windows PC and many millions of people know that, hence the steady rise in Mac sales.
Like the poster above, I fail to agree that the increase in Mac sales is due to increased security. However I do think that it may be a contributing factor, if only an insignificant one.

This means that many millions of people (and businesses) have had real and actual experience of being attacked and compromised whilst using a Windows PC whilst almost no one has had a similar actual experience using a Mac.
Whilst that may be true, consumer and business adoption of Macs compared to Windows machines is absolutely minuscule. If Windows is causing their machines to be compromised, why is it that most continue to use Windows?

I'm sure you'll agree that the only way to realise the true security of OS X would be for Apple to allow it to be installed on any computer. However, due to Apple's business practices and inconsideration for the needs of the tech community, this will never happen. Benefitting society is non-essential to Apple. Profit is the only determinant that drives them.

Anyone advising her to use a Windows machine like that would be asking for trouble but you can do that with Macs safely - I have seen many people do just that and nothing bad has ever happened to them
The same goes for Windows. I know many people (including many non-techies) that have had absolutely no problems with the operating system. Why is that? Common sense prevailed.

Their anti-virus program was kept up-to-date. They visit and download from only trusted sites. If they felt a specific program was untrustworthy they had the sense to ask. They weren't swayed by pretty emoticons for their IM program. They use programs such as Web of Trust so they know which websites are secure.

It might come as a surprise to you, but there are many tech illiterate people out there that live in a world of common sense and consequence, that includes the use of the internet.

Every single person knows that the internet can be an extremely dangerous place, and most are aware of the consequences, yet people will blindly browse the web, downloading whatever makes their IM program look pretty. I'm afraid, for those people, it really doesn't matter what platform they choose to use, they will always be vulnerable, and rightfully so, because they're idiots.

They're the type of people that would enter their credit card details into a fraudulent site and have their bank details and funds compromised. No platform is going to help those people.

Most of the consuming public are like the hypothetical mum above. They want to get tech gadgets out of the box, including computers, and expect to be able to just turn them and use them safely. And why shouldn't they expect that?
I agree, everyone should expect that, but like anything, you need to be aware of what's going on around you and the dangers that may strike. We live in a world of consequence, and that includes the internet. A little common sense can go a long way.

I think consumers got tremendously tired of tech kit that didn't work, or was really complex to use, or needed tweaking and constant vigilance and care. Apple, after the return of Jobs, deeply recognised this and tried to make kit that came closest to being the sort of kit people wanted.
I'm sorry, but you make it sound as though setting up any machine except for a Mac is as complicated as configuring some mid-90's Linux distro. If you're referring to Windows in a similar context, you couldn't possibly be further from the truth. When was the last time you actually used Windows?

next quarter Mac sales will be up again and Apple will probably have higher revenues than Microsoft.
Next quarter will also see another rise in Windows 7 sales, which has already surpassed 175 million licenses. Didn't you hear? Microsoft just posted their biggest Q4 earnings in their history, eclipsing that of Apple's. I expect more record breaking quarters to come, especially during the holiday season.

By Tony Swash on 7/25/2010 11:10:21 AM , Rating: 1
I'm sorry, but you make it sound as though setting up any machine except for a Mac is as complicated as configuring some mid-90's Linux distro. If you're referring to Windows in a similar context, you couldn't possibly be further from the truth. When was the last time you actually used Windows?

Actually I just reinstalled Windows 7 because the previous install crapped out (Dell hardware problem) and have used and installed every version of Windows since Windows 95. Windows always feels like it's been designed by a committee of engineers working to a deadline (which is probably an accurate picture).

Lots of counterpoints to my argument but little time to cover them all (I am on my vacation guys! currently Taos NM) so here are a few points.

I don't buy the security through obscurity - what tech company could be less obscure than Apple right now? The million Macs sold each month are probably going to people from a higher than average income bracket and to lots of creative professionals - a juicy target. Yet no real world exploits.

Ultimately it doesn't matter if Windows is more or less secure than Macs - the history of Windows has completely tarnished the brand in the public's mind as far as security goes.

As for market share - a couple of points. First, broadly, Mac users don't much care about market share (although overtaking Windows would please us); what we care about is the health of Apple and the health of the Mac platform. Both of which are truly excellent. This is because our main concern by far is that we can continue to use our Macs and never be forced to use Windows.

Secondly just before Jobs returned to Apple he was asked what he would do if he ran Apple (which was teetering on the edge of going bust at the time) and he said he would "milk the mac for all he could whilst looking for the next big thing" and one cannot but help feel he has done just that. The Mac platform is now healthy and secure (as a viable platform in the market), it has a great rep amongst the buying public and Mac sales continue to grow healthily. Meanwhile Apple has moved strategically to be a major and possibly dominant player in the new post-desktop world of mobile device computing.

So Apple fans are very pleased with the shape of the world right now.

Why and how Apple has succeeded so astonishingly well (and I think we can all agree that Apple under Jobs has been one of the greatest business turn-arounds in history) and why Apple infuriates so many techies is a very interesting story and one I hope to post more about when I come back from my current vacation.

Till then keep well. I do hope the sunshine comes out in Taos today!

Copyright 2016 DailyTech LLC.