Mac OS X Lion: Losing its security pride

The past couple of weeks have not been the best for Mac OS X's security reputation.

Recently, anti-virus firm F-Secure detailed a Trojan dropper that will insert a backdoor onto targeted systems. During the attack, a PDF is forcibly opened, designed to distract the end user from the shenanigans going on in the background.

According to F-Secure, the PDF file is written in Chinese, and is politically inflammatory. While the PDF launches, the malware is dropped after it is downloaded from a remote server located in Russia.

This week, Mac security software maker Intego said it discovered a new, albeit low risk, Trojan that pretends to be an Adobe Flash player installer. According to Intego, users visiting certain malicious websites may see a link or an icon to download and install Flash Player. Since Mac OS X Lion does not include Flash Player, some users may be fooled and think this is a real installation link, Intego said in an advisory.

It's those users who keep their standard system settings that are at the greatest risk, Intego says. Because the Safari browser is set to consider installer packages (files with a .pkg or .mpkg extension) as safe, the installer will launch automatically after download if the settings aren't changed from the default. Intego advises users to remove those settings.

If the Trojan and malware are installed, according to the vendor's analysis, it will then attempt to shut down certain network security software and delete its own installation package. It will then install attack code that enables it to inject code into the applications the user launches. Intego says it will release more information about the code the Trojan inserts after it has completed its analysis.

In another recent scratch on OS X Lion's security luster, security researcher Patrick Dunstan posted on the Defense in Depth site about how OS X Lion's passwords can be maliciously changed. This is made possible, according to Dunstan, because Lion enables non-root users to view password hashes by extracting the data directly from Directory Services. That could be scary enough, but unfortunately, according to Dunstan's research, Directory Services in Lion doesn't require user authentication when performing a password change, which makes it easier for attackers to change passwords for you.

Do such security design missteps and a recent bump in OS X attack software mean OS X users need to brace for a wave of fresh attacks and exploit code?

Mac security firm Intego believes so. "The past year has seen a huge increase in Mac malware. Not only are malware creators targeting Macs more, but they are also improving their techniques. The code in this new Trojan horse is very sophisticated and shows a good knowledge of Macs," said Peter James, global spokesperson for Intego.

When asked to provide figures to substantiate that malware authors were targeting Macs in much greater numbers, Intego did not do so.

Rich Mogull, analyst and founding CEO at the IT security research firm Securosis, says that while there may be an uptick in Mac malware -- and there have been some security design mistakes -- the threat landscape for Mac users hasn't changed very much.

"The default trusting of installer packages is something Apple should change, but it's a setting users can correct themselves," Mogull says. "As for the risk of increased malware, that's not something I'd be concerned about. It's not as if OS X is going to experience the type of malware problem we all saw with Windows XP," says Mogull.

George V. Hulme writes about security and technology from his home in Minneapolis. You can also find him tweeting about those topics on Twitter at @georgevhulme.


George V. Hulme

CSO (US)