Does Mac Have Potential For Hacker Attacks?

In January, four critical security vulnerabilities were discovered in the Apple QuickTime and iTunes applications, raising security concerns over the increasingly popular media player formats.

Solution providers said customers need to be aware of the risks these applications might bring, but expressed faith that Mac OS X remains secure, at least for now.

The Mac generally is called a platform that is secure from exploits and viruses in part because the user base of Macs is very small compared with that of the Windows PC, making the Mac community a less attractive target.

Not everyone sees it that way, however.

“I really think that is a misnomer,” said Ian Blanton, director of consulting for Tech Superpowers, an Apple solution provider in Boston.

Blanton said viruses can reach any system connected to the Internet, regardless of the operating system. And the fact that there has not been a known, live virus that has successfully propagated through Mac OS X poses a challenge that could be too good for some hackers to pass up, he added.

“That makes Macs an even bigger target,” he said.

Vulnerabilities affecting QuickTime and iTunes for Mac OS X 10.3.9 and Windows XP were recently discovered by end-point security vendor eEye Digital Security. The vulnerabilities could allow a remote attacker to overwrite heap memory in QuickTime and iTunes files, causing the computer to crash and enabling the attacker to execute code that controls certain commands. Someone looking to exploit these vulnerabilities would have to convince a potential victim to click on a link sent via e-mail. Apple responded by quickly sending out a patch, but the discovery has raised questions regarding the long-standing notion that Macs are impervious to security exploits.

An Apple spokesperson did not formally comment on the vulnerabilities but said the company's Web site provides information on OS 10 security.

The concern is that since iTunes and QuickTime are becoming increasingly popular, those applications could become attractive targets for potential exploits, said Steve Manzuik, security product manager for eEye, Aliso Viejo, Calif. (Apple said it has sold 500 million iTunes downloads and more than 40 million iPods.) Plus, the applications are difficult for IT departments to manage since they easily can be downloaded for free, he said.

“The potential is there. We haven't seen any exploitation, but it doesn't mean it can't be done,” Manzuik said.

Apple's VAR partners aren't too concerned at this point about exploits, viruses or worms being spread on Macs, but they agree that security shouldn't be ignored. “It's always a concern,” said Alberto Palacios, president of Create More, San Francisco.

It's easy to write a virus for the Mac; the difficult thing is making it propagate, Palacios said. Anytime an application is installed on a Mac, several pop-up windows will ask the user if they are sure they want to install and run the program. Unless a hacker physically has access to the computer, it's almost impossible to unknowingly infect it with a virus, he said.

But given the growing popularity of iPods and iTunes, the threat for an industrious hacker to be the first to hack a Mac is real, Palacios said. “I do believe [Mac] is becoming a bigger target,” he said.

Apple takes security very seriously, said George Swords, marketing manager for PowerMacPac, an Apple reseller in Portland, Ore. Mac users should always have the latest software updates installed, and antivirus security software should be used to guard against forwarding infected e-mails to friends that have PCs, he said.

The Mac also comes with its security defaults activated, unlike a Windows PC, which requires security features to be turned on, according to Swords. “Out of the box, everything is locked down on a Mac,” he said.

The likelihood of a live virus spreading through Macs is small, and hopefully it will never happen, he said. “I don't ever want to see that in the press,” Swords said.