Kaspersky: Apple needs to face up to Mac threats

The security company says it analyzed Mac OS X vulnerabilities and new forms of malware on its own initiative, but that "Apple is open to collaborating with us."

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.

Last updated: 12:18 p.m. PT.

One of Apple's more outspoken critics investigated the security of the Mac OS, and the company may not be too happy with the results.

Apple is turning a blind eye to the security of its operating system, says Kaspersky Chief Technology Officer Nikolai Grebennikov, who conducted an analysis of the platform independent of Apple. Kaspersky has concluded that the company isn't taking the security of its own platform seriously enough.

In an interview with computing.co.uk, Grebennikov said the Mac is "really vulnerable" to malware, pointing to the recent Flashback Trojan, which infected around 600,000 Macs around the world.

Kaspersky later said computing.co.uk misquoted Grebennikov on one point, when the publication wrote that he said he had analyzed Apple's platform after a request from the company. Still, Kaspersky said Apple is open to collaboration on security matters:

As Mac OS X market share continues to increase, we expect cyber-criminals to continue to develop new types of malware and attack methods. In order to meet these new threats, Kaspersky Lab has been conducting an in-depth analysis of Mac OS X vulnerabilities and new forms of malware.

This security analysis of Mac OS X was conducted independently of Apple; however, Apple is open to collaborating with us regarding new Mac OS X vulnerabilities and malware that we identify during our analysis.

The Flashback Trojan delivered its malicious payload by exploiting a known weakness in Oracle's Java. Instead of giving Oracle the ability to patch the flaw on Macs, Apple insisted on running the updates itself. But it waited too long.

"Apple blocked Oracle from updating Java on Mac OS, and they perform all the updates themselves," Grebennikov said. "They only released the patch a few weeks ago -- two or three months after the Oracle patch. That's far too long."

Grebennikov believes the outbreak of Flashback is a sign that Apple needs outside help with its security. Kaspersky has been a harsh critic of Apple's security, or lack thereof. CEO Eugene Kaspersky recently argued that Apple is around ten years behind Microsoft in security.

The company and its Mac users were bitten pretty heavily by Flashback, and Apple obviously doesn't want any repeats of that incident.

Apple is trying to shore up security on its own.

The upcoming release of OS X 10.8 Mountain Lion will include a new technology called Gatekeeper, which will tell the OS to run only applications that have been signed and approved by Apple.

CNET contacted Apple for comment. We'll update the story if we hear back.

Updated at 12:18 p.m. PT to include an updated statement from Kaspersky, which claims the original computing.co.uk story misquoted its executive.