Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intego's "Year In Mac Security" Report

Posted by kdawson on from the almost-popular-enough dept.

david.emery notes the release of Intego's "Year In Mac Security" report (PDF), adding: "Mac OS X and iPhones that haven't been jailbroken fare pretty well (although vulnerabilities exist, there's not been a lot of exploitation). Apple does come in for criticism for 'time to fix' known vulnerabilities. Jailbroken iPhones are a mess. The biggest risk to Macs are Trojan horses, often from pirated software."

8 of 132 comments (clear)

  1. Re:With great freedom comes great resposibility by rsborg · · Score: 3, Insightful

    Should it be any surprise that unmoderated software could introduce security vulnerabilities?

    Really, the main problem is that jailbreak processes don't try to change your default root password. So the vulnerability is that Apple supplied a default root password (that isn't workable without jailbreak), and the haxx0rs remove the protection but fail to force user to change or randomize (and remember/show to user) that password.

    Nothing bizarre about that.

    --
    Make sure everyone's vote counts: Verified Voting
  2. my summary of the white/sales paper - fluff mostly by prawn_narwp · · Score: 4, Insightful

    This is basically 7 total pages:

    * first couple pages on installing bitorrent'd software
    * Page 4 and 5 about people who installed openssh on their jailbroken iphones and didn't change their passwords
    * last page has citations back to their own blog

    The meat of it is about PDF, Java -- surely those have a more widespread effect right? But they spend a lot less words on those topics. Note that all the visuals have to do with the stupid ssh-admin-password and bittorent'd malware.

    Skip to the concluding paragraph -- they just have to emphasize the iphone again.

    I was going to say "I declare this posting unfit for Slashdot" but the good I see is that we can pick it apart to sort out the fluff.

    My rating system on severity overall on the entire population of apple products:

    1) pdf/java (5 stars)
    2) I-enabled-ssh-w/o-a-password (1 star - you're fault for being a retard)
    3) Charles Miller iphone vuln (5 stars when it wasn't patched)

  3. Re:So, avoid pirated Mac software... by silentace · · Score: 5, Insightful

    So you basically said what PC users do everyday (the ones that don't ever get viruses)...

  4. Apple's DRM seems to be the main problem by DrXym · · Score: 3, Insightful

    If Apple didn't put such draconian limits on what a person could do with their own property, perhaps there wouldn't be the need to "jailbreak" it.

    1. Re:Apple's DRM seems to be the main problem by DrXym · · Score: 2, Insightful
      This means that any software I install on it gets at least a screening from a company that has a lot to lose by allowing malware on the phone.

      They also have a lot to lose by allowing apps like voip, instant messaging, map readers, voice search, flash player, browsers, podcasters, movie players, music players, file downloaders etc. etc.. Basically anything that competes with their tech, or offends the network, or they simply don't like on grounds of taste or any other arbitrary reason. They even ban apps with scripting / runtime capability even extending to the absurd banning of a C64 emulator lest somebody figure a way of using it to jailbreak the phone. It's not even the small fry that have been hurt - Google have had apps rejected.

      The restrictions are draconian, and it isn't surprising given the above, and the way the device is locked to certain networks (even outside of contract) that people want to jailbreak it.

  5. Re:With great freedom comes great resposibility by bdsesq · · Score: 3, Insightful

    Apple either supplies a default root password or it has to build in a backdoor. Otherwise there is no way to upgrade the OS. Which way do you think is more secure?
    The jail break issue isn't Apple's problem. It is a problem with people doing things they don't understand.
    Looks like the jail break is just another way to root kit a computer (phone).

  6. Re:With great freedom comes great resposibility by mdwh2 · · Score: 4, Insightful

    When people point out something the Iphone can't do, we hear "Oh it can, but you just have to jailbreak it". When we get stories about security holes, we hear "Oh that doesn't count, you just have to not jailbreak it".

    So er, which is it?

    The problem is that the Iphone is the only phone where "jailbreaking" is necessary to get basic functionality working (e.g., tethering, running applications that Apple don't like).

    Consider, do you ever hear people talking about "jailbreaking" in the context of any other phone?

    My 5800 works fine, not had a virus (indeed on any of my phones), never needed to hack it.

  7. Re:So, avoid pirated Mac software... by dave562 · · Score: 2, Insightful

    Except for those exploits that target Acrobat, or Flash, or .. or .. or.

    Microsoft has made some improvements with DEP and IE8 on Win7, but there are still far too many vulnerabilities in commonly used and widely distributed applications to make me comfortable with Windows.