Scott's Weblog The weblog of an IT pro specializing in cloud computing, virtualization, and networking, all with an open source view

Is Apple Doing Enough for Mac Security?

Apparently, a bug similar to one fixed by Apple in March 2006 has appeared in Leopard. More information is available from the heise Security and Dark Reading web sites.

The flaw allows attackers to create e-mail attachments that appear to be harmless—say, like a JPEG image—but are actually executables that run malicious code. In Mac OS X 10.4, users were warned that the attachment is actually an executable file. It’s doubtful that this new bug is the same bug as was fixed in earlier versions of the OS, although the end result is the same.
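One defensive check for the class of problem described above, as an added example that is not from the original post: compare what an attachment's name and MIME type claim against its leading bytes. The post does not describe the Leopard flaw's mechanism, so this does not model it; the function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes of content the OS can run (well-known magic numbers).
EXECUTABLE_MAGIC = {
    b"#!": "script with shebang",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary or Java class",
}
# Expected leading bytes for common image extensions.
IMAGE_MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8",
}

def audit_attachments(raw: bytes):
    """Return (filename, verdict) for each attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        claims_image = ext in IMAGE_MAGIC or part.get_content_maintype() == "image"
        kind = next((label for magic, label in EXECUTABLE_MAGIC.items()
                     if data.startswith(magic)), None)
        if not claims_image:
            verdict = "not claimed as image"
        elif kind:
            verdict = "MISMATCH: " + kind
        elif ext in IMAGE_MAGIC and not data.startswith(IMAGE_MAGIC[ext]):
            verdict = "MISMATCH: unrecognized content"
        else:
            verdict = "ok"
        findings.append((name, verdict))
    return findings

def build_sample() -> bytes:
    """Constructed sample: a JPEG header and a harmless script, both named .jpg."""
    msg = EmailMessage()
    msg["Subject"] = "photos"
    msg.set_content("See attached.")
    msg.add_attachment(b"\xff\xd8\xff\xe0\x00\x10JFIF\x00", maintype="image",
                       subtype="jpeg", filename="beach.jpg")
    msg.add_attachment(b"#!/bin/sh\necho constructed sample\n", maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    return msg.as_bytes()
```

A mail gateway or filter can run a check like this before delivery, so the decision does not depend on what the mail client shows the user.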

I have not seen any information as to a workaround for this flaw, other than to avoid opening e-mail attachments. It is my understanding that this flaw was made public right around the same time as the release of the latest security updates for Panther and Tiger and the first major update for Leopard, 10.5.1, so I don’t think that a patch for this flaw has yet been made available.

I hope that the emergence of a flaw similar to one corrected in earlier versions of the OS does not indicate a more severe security problem within Leopard or even within Apple. As it currently stands, I have concerns that Apple is not taking security seriously enough and is “resting on the laurels” that Mac OS X is already secure enough because of its UNIX underpinnings. It would be a shame for a great OS such as Mac OS X to be tarnished because Apple wasn’t willing to put forth the effort to make it as secure as it needs to be in today’s environments. Don’t get me wrong; I love the Mac, and I love Mac OS X. This kind of mistake, however, would get someone like Microsoft tarred and feathered. Why aren’t we holding Apple to the same standards? Is Apple really doing enough for Mac security?
