Attackers have noticeable shifted attacks from operating systems to third party software, and Apple, along with Adobe and Oracle, happens to produce several popular programs, including iTunes, Quicktime and the Safari browser.
Attack vectors have been analysed by Secunia as well. Remote attacks are still on the rise while local network and system attacks slowly declining.
The analysis confirms the growing trend of exploiting third party software.
And none of this should be surprising at all. For YEARS Microsoft has been the most attacked vendor because they have been the most popular. They have also been working on security a lot, and specifically from Windows 2000 (that is where NT displaced 98/DOS), but with a much greater public emphasis since Windows XP.
Apple has had the least secure OS for years now. It's the first OS to get rooted at the Blackhat security convention.
But as above, this will get swept under the rug and denied by the fanboys. A fellow I know, a fanboy, flat out denies that it is POSSIBLE for anything to go wrong on a mac. No viruses, nothing. Impossible. That's just how fanatical some people are. It's a religion and it's zealots are just wonky.
Just to repeat:
The analysis confirms the growing trend of exploiting third party software.
This is because Windows has had such a nightmarish time with security, and has been locked down so tight, that it's simply moronic to try to exploit it when 3rd party software presents an easy option.
Mozilla Firefox tops the vulnerability listing with 96 reported vulnerabilities, followed by Safari with 84, Java and Google Chrome with 70, Adobe Reader with 69, Adobe Flash Player and Adobe AIR with 51, Apple iTunes with 48 and Mozilla Thunderbird with 36.
The top Microsoft programs are Internet Explorer with 49, Excel Viewer with 37 and Excel with 30.
Typically, a user can patch 35% of the vulnerabilities with one update mechanism (Microsoft’s), and needs to master another 13 or more different update-mechanisms to patch 65% of the 3rd party program vulnerabilities.
Which is a bit telling... It seems to me that the real FUD isn't coming out of Redmond anymore. However, I don't really expect anything to change. Microsoft makes for a good punching bad afterall.
