Today there was a brief discussion among a few Handlers regarding the vulnerability reported by Microsoft in March. The discussion was not so much on the fact that there was an exploit for a Mac OS, or that it was published by Microsoft. The discussion was focused on the sense of complacency that has seemed to develop around Mac products where security is concerned.









Looking back to 2001, Larry Ellison proudly proclaimed Oracle was unbreakable (That statement proved to be untrue, and the hacking community gladly pointed that out to Oracle very quickly.) At the time he most likely based his statement on the fact that there were no known vulnerabilities in the database application at the time. And, at that moment in time, it may have been true. But time marches on....









While the Mac operating systems may not have the number of vulnerabilities that exist in other operating systems, they do exist, and it is only a matter of time before those vulnerabilities play out in the public. We as security professionals would be wise to look at the history of end-user platforms and plan accordingly. It is only a matter of time, as the exposure of these systems increases, the number of reported vulnerabilities will increase.









Thoughts?









tony d0t carothers - gmail

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.