Apple admits OS X not invulnerable to malware

Apple has removed a gloating reference that OS X does not "get PC viruses" following an uptick in malware and infections targeting the platform.

The website text previoulsy read that a "Mac isn't susceptible to the thousands of viruses plaguing Windows-based computers. That's thanks to built-in defences in Mac OS X that keep you safe, without any work on your part.”

It said that OS X "defends against viruses and other malicious applications" with virtually no effort on the part of the user.

However, now it states "it's built to be safe", with text reading that OS X "is designed with powerful, advanced technologies that work hard to keep your Mac safe" via its sandboxing capabilities.

"Mac malware is a reality these days, with regular users finding their computers are becoming infected. The problem may not be as significant as Windows malware, but it exists," said Graham Cluley, senior technology consultant at Sophos.

“A recent analysis by Sophos found that 2.7 per cent (one in 36) of Macs which downloaded our free anti-virus product were found to be infected by Mac OS X malware. So the problem is real and Apple seems to be becoming a little bolder in acknowledging it. I view the changes in the messages pushed out by their marketing department as some important baby steps.”

The recent Flashback botnet was reported to have affected around 600,000 Macs, with Russian anti-virus firm Dr Web saying that 817,879 bots had connected to Flashback at one time or another, and an average of 550,000 infected machines interacted with a control server on a 24-hour basis.

In a recent interview with CSO Online, Kaspersky Lab CEO and founder Eugene Kaspersky said Apple's lack of support for older Macintosh operating systems is placing Mac users into the path of in-coming cyber security attacks, and called Flashback a "wake-up call" for Apple to improve security.

“Apple has stopped supporting some older operating systems, but there are still millions of people using these systems. It means if vulnerabilities are found, any kind of bad guys will be free to infect these machines,” he said.

“Ten years ago, Microsoft was vulnerable because there were many mistakes in its software codes, and exploits were possible to be developed for Microsoft. However, it invested in a source-code inspection to make sure there were no vulnerabilities and introduced patch systems.”

This article originally appeared at scmagazineuk.com