Kaspersky CTO says Apple's Mac OS is really vulnerable, malware coming to iOS soon

May 14, 2012 18:41 GMT

Russia-based security software vendor Kaspersky has been tapped by Apple Inc. in Cupertino, California to look into the major vulnerabilities in Mac OS X and help the company close them up [Update: see below].

Speaking to Computing, CTO Nikolai Grebennikov said Kaspersky had already begun the process of analyzing the underpinnings of Mac OS X at Apple's request, in order to strengthen the security of the operating system.

“Mac OS is really vulnerable,” Grebennikov said, “and Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities, and the malware targeting it.”

The move is directly tied to the Flashback malware botnet reported earlier this year. Having infected over half a million Macs worldwide, the Trojan horse was enough to raise awareness about the weaknesses in Mac OS X.

Although Apple’s operating system is still more secure than Windows (by quite a margin, actually), “This botnet, which the security community identified, is a huge sign that Apple's security model isn't perfect,” said Grebennikov.

The Kaspersky CTO highlighted Apple’s slow reflexes regarding the Java holes exploited by the Flashback Trojan, stating: “Apple blocked Oracle from updating Java on Mac OS, and they perform all the updates themselves. They only released the patch a few weeks ago – two or three months after the Oracle patch. That's far too long,” he said.

Weighing in on the state of iOS, the Kaspersky executive said:

"Our experience tells us that in the near future, perhaps in a year or so, we will see the first malware targeting iOS."

Update: Kaspersky has released a new statement clarifying that the Russia-based security company has not, in fact, been tapped by Apple Inc. to help with the security of Mac OS X.