In the face of new threats aimed at OS X, a security expert said that Mac users may be even more vulnerable than Windows users, who are more likely to be running up-to-date anti-virus programs. Graham Cluley of Sophos says that many Mac users are missing a “valuable safety net.”
Mac users should make sure that they have some form of protection, Cluley said. However, keeping your computer safe from cybercriminals isn’t just a case of having anti-virus programs installed. It’s about making sensible choices as well.
“As we have seen on the Windows platform, the majority of the attacks do not exploit any weakness in the operating system, but instead take advantage of the bug in people’s brains,” Cluley told Macworld UK. “Mac users can be just as easily duped as their Windows cousins into making poor choices, and could end up infected as a result.
“The only difference is that if you’re running Windows, you’re much more likely to have protected yourself with up-to-date anti-virus software which acts as a valuable safety net.”
Cluley’s comments come in the wake of the discovery of a new threat that bypasses OS X’s built-in security protection features. Last week, AlienVault reported that it had encountered a malicious Microsoft Office for Mac file that on the surface appeared to be targeting non-governmental organisations in Tibet.
“A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record,” wrote Jaime Blasco on the AlienVault Labs blog. “An attacker who successfully exploits this vulnerability could take complete control of an affected system.”
Fellow security firm Intego warned in a blog post last Thursday that it was necessary to keep all software updated, not just anti-virus programs: although this attack seemed to be targeted, it could be adapted for use against other OS X systems.
“These Word documents exploit a Word vulnerability that was corrected in June, 2009, but also take advantage of the fact that many users don’t update such software,” said the Intego blog post. “Word 2004 and 2008 are vulnerable, but the latest version, Word 2011 is not. Also, this vulnerability only works with .doc files, and not the newer .docx format.”
The Intego post goes on to say that, “This malware is fairly sophisticated, and it is worth pointing out that the code in these Word documents is not encrypted, so any malware writer who gets copies of them may be able to alter the code and distribute their own versions of these documents.”
Sophos’ Cluley warned that OS X would not protect against these attacks, which can be used to open up a Mac to further malware.
“Don’t be fooled into thinking that you are protected by Mac OS X itself, which will ask for an administrator’s username and password to install software,” said Cluley. “You won’t see any prompt for credentials when this malware installs, as it is a userland Trojan. Neither the /tmp/ nor /$HOME/Library/LaunchAgents folders on Mac OS X require root privileges—meaning that software applications can run in userland with no difficulties, and even open up network sockets to transfer data.”
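The per-user LaunchAgents folder Cluley mentions can also be reviewed without root. The following is an added example, not code from the article or from any vendor named in it: a Python audit that parses each agent plist and flags programs started from a temp directory or from a hidden file. The flagging heuristics and the sample agents are assumptions constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

# Heuristic (assumption of this example): a per-user agent whose program lives
# in a world-writable temp directory or in a hidden file deserves a manual look.
TEMP_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/")

def agent_program(job: dict) -> str:
    """Return the executable launchd would start for this job ('' if none)."""
    if job.get("Program"):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else ""

def audit_launch_agents(directory) -> list:
    """Return (file name, program, reasons) for each agent worth reviewing."""
    findings = []
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            with open(path, "rb") as fh:
                program = agent_program(plistlib.load(fh))
        except Exception:
            # A plist that cannot be parsed is itself worth a look.
            findings.append((path.name, "", ["unparseable plist"]))
            continue
        reasons = []
        if program.startswith(TEMP_DIRS):
            reasons.append("program in temp directory")
        if Path(program).name.startswith("."):
            reasons.append("hidden program file")
        if reasons:
            findings.append((path.name, program, reasons))
    return findings

def demo() -> list:
    """Audit two constructed agents: one ordinary, one launching from /tmp."""
    samples = {
        "com.example.updater.plist": ["/Applications/Example.app/Contents/MacOS/updater"],
        "com.example.helper.plist": ["/tmp/.helper", "--daemon"],
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, args in samples.items():
            job = {"Label": name[:-6], "ProgramArguments": args, "RunAtLoad": True}
            with open(Path(tmp) / name, "wb") as fh:
                plistlib.dump(job, fh)
        return audit_launch_agents(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a Mac, calling `audit_launch_agents(Path.home() / "Library/LaunchAgents")` runs the same check against the real folder; a flagged entry is a prompt for manual review, not proof of infection.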
Meanwhile, F-Secure reports that a variant of the Flashback Trojan that takes advantage of a vulnerability in Java has been seen in the wild.
The Java vulnerability has actually been patched by Oracle, though only for systems running Windows; neither Oracle nor Apple has released a fix for OS X yet. In order to stop the attacks becoming an “outbreak,” F-Secure recommends disabling or removing Java from OS X.
Instructions on how to remove Java from OS X Lion can be found on this website. F-Secure also offers instructions on how to disable Java.
Free anti-virus programs for Mac are offered by Sophos and Avira, while most other security firms offer paid-for versions for Mac.