Lies, damned lies and chomping on the number of OS X CVEs

A few years back, so the story goes, there was an operating system that was impervious to all forms of malware.

Unlike its older, and far more popular, brother, OS X wasn’t very attractive. People didn’t like it, not because it wasn’t very good, but because it simply wasn’t the cool kid on the block.

Even a constant stream of name changes couldn’t help – after all, who would want to be a cheetah, a tiger or a lion when they could instead be an XP or a 7?

And thus the myth of Apple’s desktop OS being impervious to all the bad stuff was born (why? Either because it wasn’t used enough to be a legitimate target or it was supposedly vastly superior, take your pick).

But…

As time went by…

The cool kids flocked to the other side of the playground, tempted by shiny iPods, iPads and a sexy young minx called Retina.

And you know what? The bad guys took notice and took it upon themselves to cause as much mischief and mayhem among this new crowd as they possibly could.

And so a recent study by CVE Details conjures up a picture of insecurity once totally unimaginable – Mac OS X is now top of the pile for Common Vulnerabilities and Exposures – a fact that hasn’t gone unnoticed by headline creators who one might describe as being anything but Apple fanbois.

But… even though OS X racked up a total of 384 CVE advisories in the year just passed, versus a rather more modest 314 for Flash and a mere 147 for former poster-boy Windows 7, the story is not quite complete.

That’s because CVE Details lists total vulnerabilities without a care for how severe or otherwise they may have been.

If I asked you if you would trade 2 of your OS X vulnerabilities for 1 of my Flash CVEs… I think you get where I’m going with this.

Also, many of the vulnerabilities are cross-platform, meaning multiple patches from numerous vendors for the same issue – should that attract a ‘high’ ranking?

Lastly, the figures are compiled, quite obviously, from reported vulnerabilities. While there’s no way of knowing for sure, who would bet on more OS X vulnerabilities than Windows bugs being kept under wraps by potential attackers? I know I wouldn’t.

So, even though Mac OS X appears to be “the most vulnerable operating system”, it almost certainly isn’t.

Apple may have lost the benefits of ‘security through obscurity’ that came when its products were less popular than they are now, but it’s still the bigger brother that gets the bulk of the attention.

Hackers go where the fruit hangs low and, while the Apple is certainly more tempting than it was before, it’s still high enough up the tree to avoid the majority of bad guys who don’t fancy the bother of coming equipped with a ladder.

However…

Things do change and there are no assurances that OS X will never succumb to a nasty piece of code that could ruin your life or trash your business, so stay alert and stay secure, and don’t fall into the OS flame war hype that often clouds the MS vs. Apple debate.
