Measuring up the Security Risks for Mac – Are Apple Prepared?

Outsmart Malicious Hackers


The fact is Windows is getting ripped apart with viruses, spamware, spyware, zombie clients, trojans worms and whatever else you can think of.

Mac and Linux aren’t (at the moment), there are already Bluetooth viruses, so why not Linux and Mac..

Some may say it’s because they are inherently more secure, the architecture and user privelege seperationg means it’s hard for any kind of malware to infect the system…plus they don’t come with crap like Internet Exploder that’s tied into the operating system.

There have been a couple of worms for Linux, mostly praying on Apache, and then the OpenSSL bug that allowed you to get access (combined with the kernel flaw in 2.4 you could easily get root access).

eWeek asks, What will Apple do when the malware comes? Which inevitably it will..

The release in the last few days of malware for the Mac and Linux underscore some old issues about how it is possible to have malware on those platforms. I have some new thoughts though. I’ve begun to wonder what Apple would do if a real problem developed.

To be very clear, a real problem has not yet developed, and Inqtana.A and Leap.A are not a real problem, except to the extent that they may be bellwethers. They are more interesting for what they suggest than what they actually do.

As with Windows, a lot of it is a consumer issue, and down to education.

With Mac, the user does run as a non-priveleged user by default, but when installing any software they can just pop in the Admin password and it’ll install.

It’s all about social engineering, making the user believe they want it, it’s something ‘cool’ or useful.

When good social engineering attacks are developed for the Mac, the same thing will happen. It’s not hard to imagine Web sites and e-mails offering programs for the Mac that do more than they claim to do.

Just in terms of adware, there may be some benefit to being able to deliver known Mac users to advertisers, but for the most part the “value” of infecting the user is the same: to spread itself, and perhaps to create a Mac botnet.

Few have tried to write Malware for OSX yet, but I guess it will happen, the question is are Apple prepared?

Posted in: Apple, Linux Hacking

, , ,


Latest Posts:


BootStomp - Find Bootloader Vulnerabilities BootStomp – Find Android Bootloader Vulnerabilities
BootStomp is a Python-based tool, with Docker support that helps you find two different classes of bootloader vulnerabilities and bugs.
Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018 Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018
Google is ramping up its campaign against HTTP only sites and is going to mark ALL Non-HTTPS sites insecure in July 2018 with the release of Chrome 68.
altdns - Subdomain Recon Tool With Permutation Generation altdns – Subdomain Recon Tool With Permutation Generation
Altdns is a subdomain recon tool in Python that allows for the discovery of subdomains that conform to patterns. The tool takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of.
0-Day Flash Vulnerability Exploited In The Wild 0-Day Flash Vulnerability Exploited In The Wild
So another 0-Day Flash Vulnerability is being exploited in the Wild, a previously unknown flaw which has been labelled CVE-2018-4878 and it affects 28.0.0.137 and earlier versions
dorkbot - Command-Line Tool For Google Dorking dorkbot – Command-Line Tool For Google Dorking
dorkbot is a modular command-line tool for Google dorking, which is performing vulnerability scans against a set of web pages returned by Google search queries in a given Google Custom Search Engine.
USBPcap - USB Packet Capture For Windows USBPcap – USB Packet Capture For Windows
USBPcap is an open-source USB Packet Capture tool for Windows that can be used together with Wireshark in order to analyse USB traffic without using a Virtual Machine.


5 Responses to Measuring up the Security Risks for Mac – Are Apple Prepared?

  1. kurt wismer March 17, 2006 at 2:38 pm #

    “Mac and Linux aren’t (at the moment), there are already Bluetooth viruses, so why not Linux and Mac..”

    there ARE mac and linux viruses…

    there are a number of popular myths about viruses for the mac that deserve to be debunked

  2. Darknet March 17, 2006 at 3:43 pm #

    kurt: Thanks for the spam, but read the article. I didn’t say there were NO viruses, I didn’t say OSX or Linux was immune, I said the amount of viruses were LOW and their impact is minor compared to the shit Windows viruses are dishing out. Cheers :)

    To be very clear, a real problem has not yet developed, and Inqtana.A and Leap.A are not a real problem, except to the extent that they may be bellwether

  3. kurt wismer March 17, 2006 at 4:01 pm #

    the part of your post that i quoted does state that there were no viruses… perhaps you meant something else there, but the way i interpret “there are already bluetooth viruses, so why not linux and mac” is that there are no mac or linux viruses…

    perhaps it was just ambiguous…

  4. Darknet March 18, 2006 at 5:13 am #

    kurt: Yah I guess, I’ll try and be clearer, wasn’t trying to say there were none, just that the risk they pose is nowhere near as high as the risk generated from Windows malware.

  5. backbone March 18, 2006 at 2:12 pm #

    but let’s not forget that script kiddies scan thousands of IP addresses, mainly UNIX ones… and due to various flaws in rlogin they can gain access to UNIX sistems…