The idée fixe that Macintosh is impervious to attack could be shattered if cyber-criminals act on their arsenal of 0-day exploits, security experts say.
Hackers need only a few critical vulnerabilities, common to all operating systems including the security-focused OpenBSD, to craft a successful attack.
Pure Hacking senior security consultant Chris Gatford said hackers may retain 0-day Macintosh vulnerabilities unknown to the industry and exploit them at an opportune time.
“It's only a matter of time before Macs get more market share and become a more viable target,” Gatford said.
“Mac users now are exposed to less risk because bad guys see the money in compromising Windows machines as they have a better chance of a hit with malware.
“Most Mac users don't run anti-virus and those that do rarely update. Apple are a lot slower to patch holes for the Unix/BSD back-end than the other Unix variants,” he said.
Only last year, a MacBook Air was hacked in less than two minutes using the Safari browser. The hacker, a US security analyst who scored US$10,000 at the Pwn2Own competition, said the fully updated and patched OS X 10.5.2 was easier to hack than the updated Vista and Ubuntu systems.
Securus Global CEO Drazen Drazic said it is well reported that Macs are not invulnerable, and that there is little doubt hackers are hiding unreleased exploits.
“Very surprised if there are not exploits that guys are sitting on as 0-days for their own private use,” Drazic said. “It's far more beneficial to keep private a vulnerability for an iPhone.”
Hackers who keep vulnerabilities on the down-low have more time to write and perfect exploits. “It could take, say, three months to write an exploit for a standard memory-corrupting vulnerability for OpenBSD,” Drazic said, adding that it may take only a few days or hours to get around address space randomisation and memory protection, which are new to Apple systems.
Still, industry figures say the security of an operating system cannot be rated by its exploit count — an approach favoured by many vendors — because more vulnerabilities will be discovered in popular operating systems than in obscure alternatives.
Moreover, the most prevalent Mac infection techniques require reckless users, as it is arguably more difficult to hack the latest OS X and Windows Vista systems - if only because they do not allow root access by default and contain better application installation controls than their predecessors. The iServices Trojan horse, discovered in January, which triggered a Mac botnet scare, typified the use of pirated software as an attack vector.
Researchers are not suggesting that Mac exploits will be launched in a collective Armageddon; rather, they may be quietly in use now, taking advantage of Mac users who are smug about security, or of vendors that are ignorant of the holes.
“You can't be certain that they're not using exploits just because you're not hearing about it. Many organisations don't have decent logging or monitoring and don't run penetration tests, so they can't tell if they are compromised,” Drazic said.