• Flashback Malware …Lack of security finally catches up with Apple

    by  • April 12, 2012 • Journal • 0 Comments

    It was only yesterday when Apple was showing off their ‘Im a Mac’ TV advertising campaigns, with simple to understand concepts; such as ‘Im good at making movies’ or ‘Im not boring’ but one of the most important concepts they tried to put across was that Mac OSX was secure and didn’t get Viruses or Malware.

    But their defence was only based on 2 fundamentals: The Unix underpinnings were safer by design (when originally implemented) and the install base of Mac’s were rather small (at the time). Both of these fundamentals have long since disappeared.

    Apple Mac OSX installed userbase has sky rocketed over the last few years and Windows has come on leaps and bounds in terms of security, with Windows 7 and Server 2008 setting the benchmark. Because of this malware and virus writers are beginning to set their glaze on Apple as their next target, with the most recent and currently best known of these being the FlashBack malware.

    What is it?

    Flashback is a form of malware designed to grab passwords and other sensitive information from users through their Web browser (and other applications such as Skype). A user typically mistakes it for a legitimate browser plug-in while visiting a malicious Web site. At that point, the software installs code designed to gather personal information and send it back to remote servers.

    Worrying for most, in its most recent incarnations, the software can install itself without user interaction

    What could Apple learn from Microsoft?

    It’s strange to think that Apple should take lessons from Microsoft, but they should when it comes to security. Microsoft has done so many things right in this field. They work closely with Antivirus companies, they have an internal group dedicated to tracking malware and virus outbreaks, they have a fast response mechanism for security updates. Apple well… they have only updated their built in protection software XProtect twice …ever.

    Even worse, with Apples constant march forward, the Java security fixes are only available on Mac OS X 10.6.8 and later, so if you’re running OS X 10.5 or earlier, you will still be vulnerable. Apple has stopped supplying software updates for these operating systems.


    Software engineer. Tea drinker


    Leave a Reply

    Your email address will not be published. Required fields are marked *