SANS: Apple OS security slipping

Cybercriminals have developed many new exploits to compromise Apple Computer’s OS X operating system, including a zero-day attack, the SANS Institute said in a new report released today.

“OS X still remains safer than [Microsoft] Windows, but its reputation for offering a bulletproof alternative to Windows is in tatters,” said Alan Paller, the institute’s director of research.

In the report, Paller and other experts discussed security problems highlighted in the institute’s spring 2006 update to its Top 20 Internet Security Vulnerabilities list.

Other trends include:

  • A huge decline in attacks on the Windows operating system, offset by rising attacks on application vulnerabilities.
  • Ongoing discovery of new zero-day attacks on Microsoft’s Internet Explorer Web browser. Such attacks exploit vulnerabilities before the software developer can release a patch and sometimes even before it is aware of the weakness.
  • Continuing fast growth of critical vulnerabilities in Mozilla’s Firefox Web browser and other Mozilla software.
  • A wave of low-cost zero-day attacks that install spyware and adware on computers.
  • Rapid growth in attacks that seek to directly access databases, data warehouses and backup data.
  • More attacks using doctored files, including media, image and Microsoft Excel files.

A growing nontechnical threat is a type of phishing attack known as spear phishing, in which hostile nation-states target specific individuals and organizations, Paller said.

Spear phishing often involves imitating a senior official at an organization to persuade recipients to disclose sensitive information or download software. The attacks are doing particular damage in the defense and energy industries, Paller said.


