It did not take long in 2009 for Mac-targeted malware to surface and compromise security, according to the report by Intego. Malware authors directed their efforts at Apple’s iWork ’09 software shortly after its release in January. “The iServices Trojan Horse was provided as an additional installation package inside an installer for iWork found on BitTorrent trackers and other sites containing links to pirated software,” the report suggests.
Intego’s data show that approximately 20 000 users downloaded the infected image from these BitTorrent trackers. Once installed, the iServices Trojan opened “a backdoor on infected Macs” and connected them to “remote servers to download new code. It was actively used as part of a botnet that was involved in DDoS attacks.”
Other malware threats targeting Apple products in 2009 included Trojans for Adobe Photoshop CS4 for Mac, and the April discovery of proof-of-concept malware named Torred.A. This malware targeted users’ address books and distributed copies of itself to each user’s recent email recipients.
A deluge of security threats was aimed at Mac OS X in 2009, especially when compared with previous years. While the Intego report admits that Mac OS X is “more secure than Windows,” the company cautioned that the operating system contains a number of flaws that required Apple to issue numerous security updates throughout the year. Among the 2009 patches: flaws in web browser Safari’s handling of RSS feeds, among 50 other Safari security problems fixed during the year; patches for PDF vulnerabilities; patches for an iTunes security threat in March and September; numerous patches for QuickTime flaws/bugs in June and September; and an August security update for the Apple GarageBand program.
This series of security threats – combined with the fact that Apple products are being increasingly targeted by malware authors due to their increasing market share – led Apple to break with its claims that malware presents no real threat to Mac operating systems. Mac products now include a security disclaimer acknowledging that “no system can be 100 percent immune from every threat,” and that “antivirus software may offer additional protection.”
“Mac market share is increasing”, an Intego spokesperson told Infosecurity, “and Mac users are less security-savvy than Windows users.” When asked if Mac users are no longer immune to the malware security threat, the same spokesperson was rather blunt: “No, and they haven’t been for years”, further adding that these types of security threats are “the norm now for Macs.”
Intego was not surprised by this security threat admission from Apple, and the company was quick to criticize the Mac’s new built-in anti-malware features. According to Intego, the security features for the new Snow Leopard operating system had “limited scope and effectiveness”, especially in light of the fact that the anti-malware features “only scanned files downloaded with a handful of applications, only when those files were double-clicked or opened, and only scanned for two Trojan horses.”
As for iPhone security, Intego would not speculate as to the nature of specific threats that may target the device in 2010. Its report reviewed several iPhone security issues from the past year, nearly all stemming from users who “jailbroke” their phones, meaning that they removed Apple’s restrictions on installing third-party applications that are not provided via the iTunes store. Intego notes that, for the time being, “the iPhone, unless jailbroken, has not seen any malware, though there have been vulnerabilities that have required security updates for the iPhone OS.”
When asked how users could protect their iPhones from security threats, Intego’s response was straightforward: tell users “don’t jailbreak their iPhone.”