Apple has asked one of its more outspoken critics to investigate the security of the Mac OS. But the company may not be too happy with the results.
Apple is turning a blind eye to the security of its operating system, says Kaspersky Chief Technology Officer Nikolai Grebennikov, who said Apple recently asked his company to investigate the security of the Mac. Kaspersky has concluded that Apple isn’t taking the security of its own platform seriously enough.
In an interview with computing.co.uk, Grebennikov said the Mac is “really vulnerable” to malware, pointing to the recent Flashback Trojan, which infected around 600,000 Macs worldwide.
Flashback delivered its malicious payload by exploiting a known weakness in Oracle’s Java. Instead of giving Oracle the ability to patch the flaw on Macs, Apple insisted on running the updates itself. But it waited too long.
“Apple blocked Oracle from updating Java on Mac OS, and they perform all the updates themselves,” Grebennikov said. “They only released the patch a few weeks ago — two or three months after the Oracle patch. That’s far too long.”
Grebennikov believes the outbreak of Flashback is a sign that Apple needs outside help with its security. The choice of Kaspersky to probe the Mac OS is an atypical yet savvy move on Apple’s part. Kaspersky has been a harsh critic of Apple’s security, or lack thereof. CEO Eugene Kaspersky recently argued that Apple is around ten years behind Microsoft in security.
Asking one of your toughest critics to point out your own flaws may show that Apple is trying to get more serious about security. The company and its Mac users were bitten pretty heavily by Flashback, and Apple obviously doesn’t want any repeats of that incident.
Once off the radar of malware writers, the Mac OS has become a more inviting target as Macs have grown in popularity. Apple’s tight control over its operating system also means that third-party companies, such as Oracle, can’t just dive in with the latest patches and updates.
Apple is also trying to shore up security on its own.
The upcoming release of OS X 10.8 Mountain Lion will include a new technology called Gatekeeper, which will tell the OS to run only applications that have been signed and approved by Apple.