Apple Security Woes Deepen

Security firm Secunia has discovered a vulnerability in Mac OS X caused by an error in the processing of file association meta data (stored in the "----MACOSX" folder) in ZIP archives, according to a note posted by the security firm. It can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive.

It also can be exploited automatically via the Safari browser when a user visits a malicious Web site, the company said.

Also this week, the antivirus company Symantec (Nasdaq: SYMC) identified the second worm to target the Mac environment. Called OSX.Inqtana.A, it spreads via Bluetooth wireless connections. It follows last week's discovery of the first worm specifically tailored for a Mac, Leap-A, which spreads through an application sent via iChat.

None of these problems present a serious worry -- at least immediately -- to Apple users.

Apple's Response

The longer-term implications, though, do raise concerns. There is no doubt that malware attacks on Macs will increase, Robert Siciliano CEO of IDTheftSecurity.com told MacNewsWorld.

Macs are not the only vulnerable systems, either. Firefox and cellular phones may also become targets. "Identity thieves will go wherever there is the path of least resistance," Siciliano said.

Apple's initial response when the first worm struck last week was somewhat disappointing, Graham Cluley, security consultant for Sophos , told MacNewsWorld. "OS is a well designed system, and Apple did give users some good advice on how to protect their computers -- but at the same time, they seem to be in denial about how serious the problem could get. Also they were claiming it was a Trojan, not a self propagating worm."

In a way, it is reminiscent of what happened in 1995 when the first Microsoft (Nasdaq: MSFT) Word virus appeared. "Microsoft refused to call it a virus," Cluley remembered. "They called it a 'prank macro' instead."

Corporations at Risk

The Mac user base is growing larger, which makes it that much more attractive to virus writers, Scott Carpenter, director of the Secure Elements Security Labs, explained.

"The old paradigm of a hacker creating a worm for notoriety and peer respect has morphed into a new paradigm of "hacking for profit," he told MacNewsWorld. "If there is money in it, it will be hacked."

That explains in part why the recent Mac OS X vulnerability was not a surprise to the security industry, Carpenter added. "Mac OS X has started to gain a larger market share of the desktop market, and this made Mac OS X a larger target."

The Weakest Link

Apple has been making inroads into corporate markets, which could put some company networks at risk if the creation of Mac malware does escalate. "Most businesses do not standardize on Macs, but many networks today contain at least one Mac system, even if the network is predominantly Windows- or Linux-based," Jon Kuhn, director of product management at SonicWALL, noted.

"Corporate networks are only as good as their weakest link, so it's timely for Mac users to take another look at their network security," he told MacNewsWorld.

The rise in Mac threats and the "OSX/Leap.A" virus are important illustrations of why security needs to be a greater focus for Mac users, he continued. "The OSX/Leap.A virus may be classified as low-risk but, because it can release confidential information, is spread via a typical e-mail and can propagate itself through instant messenger applications, is inherently threatening to unprotected networks."