Various sources have been reporting on the recent Java hole that enabled malicious individuals to infect upwards of 600,000 Apple Macs that were running the latest, fully patched version of the O/S.
This Java vulnerability was actually known about sometime last year and has been patched on other systems. Apple in it’s continued, and frankly misguided, belief that it’s systems are safe and don’t need protection like anti-virus software chose not to patch the hole until 100s of thousands of it’s customers had been infected.
The reality is that all consumer computer systems have vulnerabilities and it should be the expected duty of vendors to patch these as quickly as possible to protect their customers and their privacy.
We have all knocked companies like Microsoft for the amount of vulnerabilities and attacks that have occurred against their software, but the reality is that over the last few years Microsoft has made huge progress in producing more secure software, patching in a very timely manner, providing free tools like anti-virus, and working with law enforcement to bring down criminal bot nets.
Apple has avoided many exploits being created as it has historically been such a niche player. Why create an exploit for a few machines when you can create one for orders of magnitude more? As Apple has become more successful and there has been an increased uptake of it’s products in office it has become a more interesting and valuable target for criminals to try and exploit any vulnerabilities.
It is time for Apple to pull it’s socks up from a security stand point, and to become both more proactive and transparent in how it deals with issues and helps protect it’s customers.
For us users of any operating system it’s yet another reminder that we should keep our systems patched and run software to protect us from viruses etc. Oh and not to trust vendors when then tell us their systems are safe and don’t need further protection.
Some detail and commentary on this issue can be found here at the links below;