Mac OS X versus Windows Security: Let’s just call it even
Mac users like to say their computers are more secure than Windows-based computers. I’m not saying all Mac users say OS X is more secure than Windows, but I’m sure everyone knows somebody that does. I usually keep my mouth zipped when someone states it, because it’s pointless to argue with someone that believes their operating system is less exploitable just because another operating system is more exploitable. Apple’s Security Update 2010-005 provides all the evidence that’s needed to set the record straight once and for all.
Before we dive into the details, let me make a brief comment here about “arbitrary code execution.” Arbitrary code execution is a euphemism for a successful buffer overflow. If you’re interested in learning more about buffer overflows, there is a decent write-up on Wikipedia. The outcome of a successful buffer overflow is that a hacker gains control of the execution thread and can perform any number of actions, which may or may not include performing actions as the system’s administrator. With administrator privileges, a hacker may be able to install a Trojan. Even without administrator privileges, arbitrary code still executes with the user’s privileges, which provides more than enough opportunity to ruin someone’s day.
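To make the buffer overflow point concrete, here is an added example (not code from the post or from Apple) of the pattern behind the “maliciously crafted file” entries below: a parser copies a name field from untrusted file data into a fixed-size record. The record layout, the length-prefixed field format and the function names are assumptions for illustration only.

```c
#include <stddef.h>
#include <string.h>

/* Constructed for this example: a fixed-size record that a font or image
 * parser fills from bytes read out of an untrusted file. */
#define NAME_MAX 16

struct record {
    char name[NAME_MAX];
};

/* Defective pattern: the copy has no bound, so a name longer than NAME_MAX
 * bytes writes past 'name' and corrupts whatever sits after it. Shown only
 * to mark the defect; nothing here calls it. */
void fill_record_unsafe(struct record *r, const char *src)
{
    strcpy(r->name, src);            /* no bound: overflows r->name */
}

/* Hardened version: refuse input that does not fit together with its NUL.
 * Returns 0 on success, -1 when the input is rejected. */
int fill_record_safe(struct record *r, const char *src, size_t src_len)
{
    if (src_len >= NAME_MAX)         /* would need NAME_MAX + 1 bytes */
        return -1;
    memcpy(r->name, src, src_len);
    r->name[src_len] = '\0';
    return 0;
}

/* Parse a length-prefixed name field (constructed format: one length byte
 * followed by that many name bytes). The declared length is checked both
 * against the bytes actually present and against the destination buffer.
 * Returns the name length on success, -1 on any malformed input. */
int parse_name_field(const unsigned char *buf, size_t buf_len, struct record *out)
{
    if (buf_len < 1)
        return -1;
    size_t declared = buf[0];
    if (declared > buf_len - 1)      /* length runs past the data we have */
        return -1;
    if (fill_record_safe(out, (const char *)buf + 1, declared) != 0)
        return -1;
    return (int)declared;
}
```

The two checks in `parse_name_field` are independent: a length that fits the destination can still exceed the bytes available (an over-read), and a length covered by the input can still exceed the destination (an over-write). Both must be rejected before any byte is copied.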
Of the seven vulnerable products/components, five are at risk for arbitrary code execution, some of which can be triggered just by viewing a document or image file:
ATS [Apple Type Service for fonts]: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
ClamAV [anti-virus program]: Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution.
CoreGraphics [OS X graphics component]: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. Note here that it’s not only Adobe software that is vulnerable to PDF exploitation!
PHP [scripting language]: Loading a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution. Note that many images on the Web are PNG files.
PHP [scripting language]: Multiple vulnerabilities in PHP 5.3.1. PHP is updated to version 5.3.2 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution.
Samba [file and print services]: An unauthenticated remote attacker may cause a denial of service or arbitrary code execution.
If you run through the history of Windows vulnerabilities, you’ll come across the same types of vulnerabilities. Just think, all of these OS X vulnerabilities have been just sitting around waiting to be discovered and documented by the good guys. I wonder how long the bad guys have known about them? How many more vulnerabilities do you think are still hidden in the code?
Here are the other two products/components that are included in the update:
CFNetwork [framework for network protocols]: An attacker with a privileged network position may intercept user credentials or other sensitive information.
libsecurity [certificate host name resolution]: An attacker in a privileged network position who can obtain a domain name that differs only in the last characters from the name of a legitimate domain may impersonate hosts in that domain.
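The libsecurity entry is about how a certificate name is compared against the host the user asked for. The update notes do not say what the comparison bug was, so the following added example (not code from the post or from Apple) only shows what a correct check has to enforce: every label is compared in full, case-insensitively, and both names must end at the same place, so a name that differs only in its last characters never matches. The single-label wildcard rule and the function names are assumptions for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive comparison of two DNS labels of known length. */
static bool label_eq(const char *a, size_t alen, const char *b, size_t blen)
{
    if (alen != blen)
        return false;
    for (size_t i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return false;
    return true;
}

/* Returns true when 'host' (the name the user connected to) matches
 * 'pattern' (the name in the certificate). Labels are compared one by one,
 * all the way to the end of BOTH strings, so "example.com" matches neither
 * "example.co" nor "example.comx". A leading "*" matches exactly one label
 * and is only honoured when at least two labels follow it. Empty labels,
 * including a trailing dot, are rejected. */
bool hostname_matches(const char *pattern, const char *host)
{
    const char *p = pattern, *h = host;
    bool first = true;

    for (;;) {
        const char *pe = strchr(p, '.');
        const char *he = strchr(h, '.');
        size_t plen = pe ? (size_t)(pe - p) : strlen(p);
        size_t hlen = he ? (size_t)(he - h) : strlen(h);

        if (plen == 0 || hlen == 0)
            return false;                       /* empty label */

        bool wildcard = first && plen == 1 && p[0] == '*';
        if (wildcard) {
            /* "*.com" is not acceptable; require "*.<label>.<label>" */
            if (pe == NULL || strchr(pe + 1, '.') == NULL)
                return false;
        } else if (!label_eq(p, plen, h, hlen)) {
            return false;
        }

        if (pe == NULL || he == NULL)
            return pe == NULL && he == NULL;    /* both must end together */

        p = pe + 1;
        h = he + 1;
        first = false;
    }
}
```

The check that matters for the entry above is the final one: the function only reports a match when the pattern and the host run out of labels at the same time, and the last label is compared by length as well as by content. Any shortcut that stops comparing before the end of the longer string is what lets a look-alike name pass.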
Just so that you don’t get the wrong idea, I’m not happy about these vulnerabilities, but they do prove that Apple’s OS X operating systems are not any more secure than Windows operating systems. Quantity is not a valid comparative statistic; it’s the type of vulnerabilities that people need to be concerned about. If I were a Mac user, I would be very concerned about exposure to some of these vulnerabilities.