Posted on 12/10/2015 8:37:26 PM PST by Swordmaker
Number of new problems rising, says Symantec
The number of iOS threats discovered this year has more than doubled,from three in 2014 to seven so far in 2015, according to Symantec, with jailbroken devices being the focus of the majority of threats.
Of the 13 iOS threats documented by the technology security company in total, nine can only infect jailbroken devices.
Mac OS X threats are also on the rise, at least historically, according to the security giant. The number of new Mac OS X threats emerging is increasing year-on-year, rising by 15 per cent in 2014, according to Symantec.
This followed an increase of 44 per cent in 2013 and an increase of 29 per cent in 2012. Early indications are that the number on new threats on Apple’s desktop platform for 2015 may come out slightly lower than that in 2014 or 2013, but higher than in previous years.
However, the number of unique OS X computers infected with malware in the first nine months of 2015 alone was seven times higher than in all of 2014. This is partly driven by the increased popularity of Macs but mainly down to successful targeting by crooks.
Much of the spike is down to grayware, such as adware, or potentially unwanted or misleading applications, with threats from spyware and trojans also an increasing problem for Mac fans.
These threats stem from cybercrime gangs branching out to Apple platforms, as well as high-level attack groups such as the Butterfly corporate espionage crew infecting OS X computers in targeted organisations, and the Pawn Storm APT group creating malware capable of infecting iOS devices.
Symantec's take on Apple desktop threats fits with a separate warning about a rising tide of Mac OS X malware from researchers at Bit9 + Carbon Black last month.
The overall number of new Mac OS X vulnerabilities emerging has remained relatively steady in recent years, carrying between a low of 39 and a high of 70 per year. The number of new Mac OS X vulnerabilities has generally been lower than the number of Windows vulnerabilities.
The greater market share Windows continues to enjoy means that the platform is more closely scrutinised by attackers and security researchers, a factor that may go a long way towards explaining the difference.
Elsewhere, the volume of vulnerabilities affecting iOS exceeded those that were documented for its main competitor, Google's Android between 2011 and 2014 (inclusive).
But that trend has reversed in 2015 so far, and new Android vulnerabilities have outpaced those in Apple's iOS operating system for smartphones and tablets.
Although the total number of threats targeting Apple devices remains quite low compared with Windows in the desktop and Android in the mobile sector, Apple users can't be complacent, as Symantec argues.
"Although still small in terms of overall numbers, the number of new OS X and iOS threats discovered annually has been trending upwards over the past five years," Symantec researcher Dick O'Brien concludes in a blog post.
Users considering jailbreaking an iOS device should exercise caution, for example by educating themselves about the risks they may be exposed to, Symantec advises. The majority of iOS threats target jailbroken devices and unofficial app stores are more likely to host trojanised apps, Symantec advises, among other top tips covered in more depth in its blog post.
Symantec's 32-page white paper on the Apple threat landscape, which puts the whole issue under the microsocope, can be found here (PDF). ®
One should implement good security practices regardless of platform
Ping to dayglored and Shadow Ace for their ping lists.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
Oh noes! The sky is falling! The sky is falling!
Jailbreaking greatly increases risk of iOS malware The number of iOS malware threats discovered to date remains quite small, although it is beginning to increase, with seven new threats discovered to date in 2015, up from the previous high of three in 2014.
Now, why would the Register distort the data like that, other than the fact that the Register is known for distorting Apple articles toward FUD. . . but the difference between only 7 malware and 13 is minuscule when compared to the over three million documented malware exploits on Android. Odd.
A spike in Mac OS X threats The number of new Mac OS X threats emerging is increasing year-on-year, rising by 15 percent in 2014. This followed an increase of 44 percent in 2013 and an increase of 29 percent in 2012.
Figure 1. Number of new OS X threats documented by Symantec by yearThis is inclusive of adware, scareware, ransomware, trojans, spyware, and "unwanted and misleading apps." Oh, my.
Then there is the iOS claims. Again, the breathless hyped Register headline isn't supported by the actual Symantec paper:
Jailbreaking greatly increases risk of iOS malware The number of iOS malware threats discovered to date remains quite small, although it is beginning to increase, with seven new threats discovered to date in 2015, up from the previous high of three in 2014.
Figure 4. Number of new iOS threats documented by Symantec by yearAttackers targeting the operating system need to find a way to install malware on a device, which can represent a significant hurdle. Many threats are installed when the target connects their device to a compromised desktop computer. Jailbroken devices present more opportunities for compromise and many threats are designed to take advantage of jailbroken phones. Of the 13 iOS threats documented by Symantec to date, nine can only infect jailbroken devices.
It becomes apparent that the Register conflated 13 iOS threats in SIX YEARS into 13 iOS threats in just one year, 2015. There were two in 2009, one in 2012, three in 2014, and seven in 2015. Thirteen. Eight only applied to jailbroken iOS devices. In fact, three of the ones that worked on non-jailbroken iOS devices were only to JAILBREAK them. That left one that worked on a non-jailbroken iOS device that was a real threat. It was closed within three days of discovery.
Symantec's blog does distinguish the difference between a vulnerability and an actual exploit. They point out that the number of vulnerabilities in OS X has been around 39-70 per year which Apple fixes before they become exploits.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
