SANS: Apple OS security slipping

Cybercriminals have developed many new exploits to compromise Apple Computer’s OS X operating system, including a zero-day attack, the SANS Institute said in a new report released today.

“OS X still remains safer than [Microsoft] Windows, but its reputation for offering a bulletproof alternative to Windows is in tatters,” said Alan Paller, the institute’s director of research.

In the report, Paller and other experts discussed security problems highlighted in the institute’s spring 2006 update to its Top 20 Internet Security Vulnerabilities list.

Other trends include:

  • A huge decline in attacks on the Windows operating system, offset by rising attacks on application vulnerabilities.
  • Ongoing discovery of new zero-day attacks on Microsoft’s Internet Explorer Web browser. Such attacks exploit vulnerabilities before the software developer can release a patch and sometimes even before it is aware of the weakness.
  • Continuing fast growth of critical vulnerabilities in Mozilla’s Firefox Web browser and other Mozilla software.
  • A wave of low-cost zero-day attacks that install spyware and adware on computers.
  • Rapid growth in attacks that seek to directly access databases, data warehouses and backup data.
  • More attacks using doctored files, including media, image and Microsoft Excel files.

A growing nontechnical threat is a type of phishing attack known as spear phishing, in which hostile nation-states target specific individuals and organizations, Paller said.

Spear phishing often involves imitating a senior official at an organization to persuade recipients to disclose sensitive information or download software. The attacks are doing particular damage in the defense and energy industries, Paller said.


