IBM report: Apple takes top spot in number of disclosed vulnerabilities

Discussion in 'Apple, Inc and Tech Industry' started by clevin, Aug 6, 2008.

  1. clevin macrumors G3

    Joined: Aug 6, 2006
    #1
    Disclosed vulnerabilities of Apple products are 3.2% of the total disclosed in the first half of 2008. M$ was number 1 last year. It falls to #3, behind Apple and Joomla!.

    The report (PDF) is here: http://www-935.ibm.com/services/us/iss/xforce/midyearreport/xforce-midyear-report-2008.pdf

    Vendors affected by the highest numbers of PUBLIC disclosures are M$ (#1), HP (#2) and Apple (#3).

    Web application vulnerabilities are 51% of all vulnerabilities.

    The top 5 most prevalent web browser exploits (2006-2008) include 4 ActiveX and 1 QuickTime vulnerabilities.

    Phishing is 0.2-0.8% of total spam in the first half of 08. Six US banks are the most common targets, followed by UK banks.

    Good Luck people.
     
  2. gnasher729 macrumors P6

    Joined: Nov 25, 2005
    #2
    Any statistics about actual exploits? Like how many Macs are part of some bot farm, how many are infected by viruses, how many have keyloggers installed without knowledge of the owner?
     
  3. clevin thread starter macrumors G3

    Joined: Aug 6, 2006
    #3
    lol, you can't even get that type of numbers for Windows Vista.....

    But yeah, those would be very nice numbers to know.

    PS: the report did say that publicly disclosed vulnerabilities are generally exploited in 24 hrs upon release.
     
  4. ohforfckssake! macrumors regular

    Joined: Aug 2, 2008
    Location: Singapore
    #4
    How commonplace are exploits like keyloggers, worms and trojans on a Mac? How do they get on the Mac in the first place, given its different security architecture? Through downloading warez or other dodgy programs?

    I've never understood how vulnerable Macs really are. Is it a security through obscurity thing or are Macs just exceedingly difficult to compromise?
     
  5. clevin thread starter macrumors G3

    Joined: Aug 6, 2006
    #5
    I think it's a little bit of both, but not sure how each one weighs.
     
  6. yellow Moderator emeritus

    Joined: Oct 21, 2003
    Location: Portland, OR
    #6
    Interesting notes..

    The client-side public exploits of the OS have dropped significantly since mid-2006. Far more focused on the browser now. But I wondered how Apple got into this mix as top dog..

    Given this:

    QuickTime and iTunes? Seeing as they're bundled together for Win32 and iTunes accounts for such a significant portion of the (online music) market share, I think it likely that this is the reason for Apple's top rank.

    Of course, public exploits don't necessarily turn into used exploits, as evidenced by the top 10 malware (and subsequent categories of malware examples) being exclusively for Win32 devices.
    I'm sure that sheer numbers of Windows boxes account for that, but it's also not time to panic and say that Apples are totally unsafe.

    Funny, Firefox taking on 8 reported vulnerabilities, more than IE!

    The USA accounts for 53% of the world's porn. Nice.
     
  7. clevin thread starter macrumors G3

    Joined: Aug 6, 2006
    #7
    Yes indeed, for Apple's market share, panic is not necessary currently.

    But the trend is not promising, is it?

    Firefox might have 1 or 2 more vulnerabilities in the report than IE, but Mozilla does patch it quickly, so it lowers the number of users who are exposed to it.

    On the other hand, Apple's security patches are not that fast, combined with the not so promising trend of Apple's security problems..

    I would like Apple to take some actions improving the patches, improving the communications, and giving more honest and specific directions to end users.

    Panic? No. Blindly dreaming in la-la land? Better not either.
     
  8. IJ Reilly macrumors P6

    Joined: Jul 16, 2002
    Location: Palookaville
    #8
    Uncommon to the point of not existing in the wild. Trojans are possible on any platform because they are fundamentally social engineering exploits, but although we have seen a few proof-of-concept trojans for the Mac, I believe none have become even remotely common.

    Not being tremendously technical I can't answer the question about OSX's security model in any detailed way, but I do know OSX requires more user intervention than Windows before code is inserted at the root level. This makes it more difficult for bad things to happen. Microsoft has also created some relatively easy methods for authoring and distributing malware, such as Virtual Basic.
     
  9. yellow Moderator emeritus

    Joined: Oct 21, 2003
    Location: Portland, OR
    #9
    For which there was an exploit coming in at spicy number 3 on one of the lists. :)
     
  10. clevin thread starter macrumors G3

    Joined: Aug 6, 2006
    #10
    ...mmmmm... you guys sure? I only heard about Visual Basic, never heard about Virtual Basic.

    PS. Code being inserted at root level is not the only, nor is it the prevalent, security problem facing computer users today. Honestly taking action, that's what I would like to see from Apple.
     
  11. IJ Reilly macrumors P6

    Joined: Jul 16, 2002
    Location: Palookaville
    #11
    My mistake. Visual Basic is correct.
     
  12. yellow Moderator emeritus

    Joined: Oct 21, 2003
    Location: Portland, OR
    #12
    Chicken. I'm sticking with Virtual Basic.
     
  13. IJ Reilly macrumors P6

    Joined: Jul 16, 2002
    Location: Palookaville
    #13
    Oh now you're just picking on me. Cut it out. :(
     
