Mac Security Exploits Don't Shake Up Apple VARs

Mac OS X had enjoyed the status of never having been exploited by a live virus or worm, until late last week. The first OS X worm, a trojan called OSX.Leap.A, was delivered via Apple's iChat instant-messaging application on Feb. 16. And since then, a second worm has been found, along with a vulnerability in the new OS X 10.4.5 that could allow arbitrary commands to be executed automatically through the Safari Web browser via a malicious site. Discovered by Danish security firm Secunia, the new vulnerability was labeled "extremely critical."

Apple VARs, however, said the degree of the threat that the exploits and the vulnerability pose is being exaggerated.

"We're not immune, and we know that. But I don't think it's as serious as they've said," said Alberto Palacios, president of Create More, an Apple reseller in San Francisco.

The trojan, spread through iChat, enticed users to download a program disguised as a screenshot file of Mac OS X 10.5, dubbed Leopard. Once run, the program attempts to propagate by sending itself to all users on the victim's buddy list when iChat is opened on the desktop.

Unlike other malware that downloads and automatically starts doing its dirty work, this exploit relies on users to trigger it, which is why it wasn't given a serious threat level, according to Palacios. Security vendor Symantec rated the exploit a 1 on a scale of 1 to 5, with 5 representing the highest risk.

"This [exploit] requires you to open and run it. You have to be a willing participant," Palacios said.

Yet the new vulnerability can be triggered automatically through a feature in the Safari browser that automatically opens safe files after downloading. Mac users, though, only need to disable that feature to mitigate the risk, and users who haven't disabled it would have to be tricked into visiting a malicious site. Apple has not issued a patch for the vulnerability, which involves the processing of file association metadata in ZIP archives, and no exploits have been reported.

Such vulnerabilities likely will become more common as the number of Mac users continues to grow, said Alfred Huger, senior director of engineering for Symantec's Security Response Center.

"The more you see the Mac platform being adopted, the more you will find vulnerabilities," Huger said.

Customers are inquiring about the exploits and vulnerabilities, Palacios said. "I have customers asking questions, but they don't seem to be too concerned," he said.

Ian Blanton, director of consulting for Tech Superpowers, a Boston-based Apple specialist, said he's seen much of the same from customers regarding the recent Mac exploits. "Customers are asking if this is a problem and do I need to worry about it, but I haven't got a flood of calls," he said. "It makes them a little more aware about security, but that's a good thing."

Blanton said he expects Mac users in the near future to take extra security measures by using additional products, though it will still take a high-level malicious exploit before Mac security becomes a major concern.

"It's human nature not to respond until there's a serious emergency," he added.