CNET también está disponible en español.

Ir a español

Don't show this again

HolidayBuyer's Guide
Security

This week in security

Apple has traditionally been regarded as partially immune to the exploits of hackers--but those days may be over.

Apple Computer has traditionally been regarded as partially immune to the exploits of hackers and virus writers, thanks to its low market share--but those days may be over.

This week Apple closed a security hole that had allowed an underground program to tap into its iTunes Music Store and purchase songs stripped of antipiracy protections. The PyMusique software, created by a trio of independent programmers online, emerged last week. One of its creators was Jon Johansen, the Norwegian programmer responsible for releasing DVD-copying software in 1999.

But after Apple closed the hole on Monday, the group posted new code that it said will reopen the backdoor to Linux users.

The programmers' work has been one of the most persistent projects targeting Apple, whose iTunes store and iPod have drawn consistent attacks and experiments by people eager to extend the capability of the products or simply disarm copy protection.

Meanwhile, Apple's Mac OS X operating system is increasingly becoming a target for hackers and authors of malicious software, a security software company warns. In a new report, Symantec said that in the past year, security researchers had discovered at least 37 serious vulnerabilities in the Mac OS X. The company also said that as Apple increases its market share with new low-cost products such as the Mac Mini, its user base is likely to come under increasing attack.

The Symantec report also said there's been evidence of growth in vulnerability research on the OS X platform.

That report came as Apple released nearly a dozen fixes for flaws in the Mac OS, including a script for preventing phishers from fooling users of its Safari browser. The loophole could allow an attacker to use certain characters from different languages to create legitimate-looking Web addresses that actually send victims to malicious Web sites.

The newly released patches take care of flaws in the Apple Filing Protocol server and the Samba filing-sharing server, as well as multiple issues with the Cyrus authentication software, the Cyrus mail software, Mailman and SquirrelMail.