Skip to Content

Style vs. Security for Macs

A Mac hacker (and self-confessed fanboy) says that Apple lags behind in security.
March 12, 2009

“I’m a total Apple fanboy,” said security consultant Dino Dai Zovi during his talk yesterday afternoon at the SOURCE Boston computer-security conference. “If Apple made clothes, I’d probably dress in them.”

But part of being an Apple fanboy for Dai Zovi means hacking Macs, and he says that OS X is often easier to hack than Vista or Linux.

Apple enthusiasts often extol the security of the Mac operating system, and they rarely run antivirus software. Dai Zovi agrees that Macs generally face less attack from malware authors, but he said that’s not due to the impenetrability of OS X. The Mac may be safer, but it’s not necessarily secure, he said, comparing the situation to leaving your front door unlocked because there aren’t many thieves in the neighborhood.

Today, about 10 percent of browsers run on OS X, so it’s just not profitable for malware authors to go after Macs, Dai Zovi said. However, the situation could change if Apple continues to gain market share.

In his talk, Dai Zovi demonstrated an OS X attack that allowed him to take control of the built-in camera on a MacBook. He also outlined several ways that attackers could exploit flaws in OS X. For example, he said that many exploits require attackers to locate data stored in a computer’s memory. Vista and Linux use randomization to make this hard to do, and, while OS X does randomize some data, other things are relatively easy for an attacker to find.

Dai Zovi said that Apple has a chance to improve security with its forthcoming Snow Leopard update to OS X. Without improved security, he worries that people may start worming in to Apple’s computers. “Writing exploits for Vista is hard work,” he said. “But writing exploits for Mac is fun.”

Keep Reading

Most Popular

This startup wants to copy you into an embryo for organ harvesting

With plans to create realistic synthetic embryos, grown in jars, Renewal Bio is on a journey to the horizon of science and ethics.

VR is as good as psychedelics at helping people reach transcendence

On key metrics, a VR experience elicited a response indistinguishable from subjects who took medium doses of LSD or magic mushrooms.

This nanoparticle could be the key to a universal covid vaccine

Ending the covid pandemic might well require a vaccine that protects against any new strains. Researchers may have found a strategy that will work.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.