SANS: Apple OS security slipping

Cybercriminals have developed many new exploits to compromise Apple Computer’s OS X operating system, including a zero-day attack, the SANS Institute said in a new report released today.

“OS X still remains safer than [Microsoft] Windows, but its reputation for offering a bulletproof alternative to Windows is in tatters,” said Alan Paller, the institute’s director of research.

In the report, Paller and other experts discussed security problems highlighted in the institute’s spring 2006 update to its Top 20 Internet Security Vulnerabilities list.

Other trends include:

• A huge decline in attacks on the Windows operating system, offset by rising attacks on application vulnerabilities.
• Ongoing discovery of new zero-day attacks on Microsoft’s Internet Explorer Web browser. Such attacks exploit vulnerabilities before the software developer can release a patch and sometimes even before it is aware of the weakness.
• Continuing fast growth of critical vulnerabilities in Mozilla’s Firefox Web browser and other Mozilla software.
• A wave of low-cost zero-day attacks that install spyware and adware on computers.
• Rapid growth in attacks that seek to directly access databases, data warehouses and backup data.
• More attacks using doctored files, including media, image and Microsoft Excel files.

A growing nontechnical threat is a type of phishing attack known as spear phishing in which hostile nation-states target specific individuals and organizations, Paller said.

Spear phishing often involves imitating a senior official at an organization to persuade recipients to disclose sensitive information or download software. The attacks are doing particular damage in the defense and energy industries, Paller said.