Apple Security Vulnerability Reported
(Disclaimer: As Rob Rosenberger reminds us, this is the time of year for computer security hysteria in the media, so media reports must be taken with several pounds of salt. Both the Black Hat and DEFCON conferences are going on.)
Reuters reports that a security researcher demonstrated a serious vulnerability in Mac computers. This one would allow an intruder to retrieve encrypted data. The story is here.
The existence of a vulnerability does not, of course, mean that Mac users are actually vulnerable.
A vulnerability doesn’t become a threat until someone actually tries to exploit it. Proof of concept viruses targeting cellphones have been tested, but, by and large, cellphones aren’t targets in the wild. The “smartphone” is still a small percentage of the market (though the cachet of the iPhone might be changing that); even a smartphone can’t be reliably integrated into a botnet; and cellphones, except for some persons’ smartphones, don’t usually contain the kind of personal information an identity thief might want.
What I take away from this is the lesson that most Windows users learned a long time ago: Sensible persons take sensible precautions. Be mindful of security (some of the precautions recommended at the preceding link are what I consider a little extreme, but it’s an excellent summary of good security practices).
I know nothing about Macs or the Mac security model. I have a friend whose whole family loves them to death because, she says, “They just work.”
I looked at hers once.
The usual excerpt. The last paragraph is particularly instructive. The weakest link in computer security is a PEBCAK issue. Back in my tech support days, one of us might hang up the phone (well, push the release button); another asks, “What was wrong.”
“PEBCAK”–Problem Exists between Chair and Keyboard:
Attacks on Apple computers are extremely rare, but security experts say that will change as Macs gain market share on PCs running Microsoft Corp’s Windows operating system. Security experts have identified at least three viruses infecting Macs over the past year.
The most sophisticated of them is spread via pirated versions of Apple’s iWorks software. It allows cybercriminals to take complete control of an infected Mac.
Another virus, OSXPuper a, is spread via infected websites that direct users to download what they say is a video player, but turns out to be malicious software. That software can subsequently download other types of viruses.