Skip to main content

Apple software has most security holes: Secunia

Submitted by bsfootprint on Wed, 07/28/2010 - 23:25
bsfootprint's picture

Hey! Apple software has the most security holes!

A new report from security software provider Secunia shows that despite considerable security investments, the software industry at large is unable to produce software with substantially fewer vulnerabilities.
The latest data shows that Apple has surpassed Oracle and even Microsoft with accounting for the most software vulnerabilities, though the No. 1 ranking is related only to the number of vulnerabilities--not to how risky they are or how fast they get patched.

How did that happen?

A friend once told me: "He who does little makes few mistakes" -- Welcome to the big time, Apple. Enjoy it while it lasts.

Sources: 
Secunia: Apple software has the most holes (news.cnet.com)
Share this
Filed under

Comments

#1 Speaking of weak security... iPhone vulnerability...

Anonymous's picture
Submitted by Anonymous (not verified) on Sun, 08/08/2010 - 22:23.

Apple's desire for absolute control may contribute to their weakness...

http://www.usatoday.com/tech/products/software/2010-08-09-apple09_ST_N.htm

Apple is quietly wrestling with a security conundrum. How the company handles it could dictate the pace at which cybercriminals accelerate attacks on iPhones and iPads.

Apple is hustling to issue a patch for a milestone security flaw that makes it possible to remotely hack —or jailbreak — iOS, the operating system for iPhones, iPads and iPod Touch.

The patch is completed, Apple spokeswoman Natalie Kerris said in an interview. But Kerris said on Friday that she was not able to give a time frame for its public release.

Jailbreaking refers to hacking iOS to download Web apps not approved by Apple. This used to be difficult. This spring, a website came along called JailbreakMe.com that made it trivial to jailbreak your own iPhone or iPad. Last week, a technique for remote jailbreaking appeared on the site. It's now possible to access the operating system of an iPhone or iPad owned by someone else.

An attacker would get "fairly complete control of affected devices," says Michael Price, an operations manager for McAfee Labs. No such attacks are known to have happened yet, he says.

[snip]

"It's a brand new game with new rules," says Dror Shalev, chief technology officer of DroidSecurity, which supplies protection for Google Android phones. "We're seeing rapid growth in threats as a side effect of the mobile Web app revolution."

[snip]

Apple's problem is singular. The company has made a big deal about hiding technical details of iOS, allowing only approved Web apps to tie in. This tight control initially made it easier to keep iOS secure. But now Apple may have to share iOS coding with anti-virus firms, says Sorin Mustaca, development manager for anti-virus firm Avira.

Windows, Google, Nokia and RIM share such coding to help anti-virus firms develop protections. "Apple does not allow this, making it challenging for anti-virus vendors to create third-party protection for iPhones and iPads," Mustaca says.

Pressure is building. Mikko Hyponnen, senior researcher at anti-virus firm F-Secure, says hackers are likely working on a worm to take control of jailbroken iPads and iPhones. "My guess is we'll see it within a week," Hyponnen says. "There's very little users can do to protect themselves beforehand."