Apple Needs To Change Its Message On Security

 
One of the fallacies that seems to persist in the modern world is that Apple's machines are impervious to security breaches. Its repeated by Apple fans and fan sites; and has been a traditional part of  Apple's own marketing materials.
 
The last forty-eight hours has seen the publication of two severe vulnerabilities that are just an unsuspecting click away.
 
The first (two actually) use a simple web link to take over the device's firmware, potentially allowing an attacker to damage the device beyond the ability of a normal (or even semi-technical) user to restore.
 
The second was introduced with OS X Yosemite's error logging tool and allows an attacker to install software to the machine without the user's knowledge. That payload could be anything from key loggers to adware and unlike the first exploit this one is in the wild today.
 
OS X has never been more or less secure than any other OS. The one advantage of having a smaller market share has been that Macs have been a less attractive target for attackers. Those days are gone and Apple's security message has been well and truly debunked.

0 comments: