CYBERSPACE—Moscow-based Kaspersky Lab, one of the world's leading antivirus vendors, has expressed serious concerns about the security of Apple's OS X operating system, and worse, about the lack of urgency by the company to address its vulnerabilities. Time, it added, is running out.
"Mac OS is really vulnerable... We've begun an analysis of its vulnerabilities, and the malware targeting it," said Kaspersky CTO Nikolay Grebennikov, adding, " Our first investigations show Apple doesn't pay enough attention to security. For example, Oracle closed a vulnerability in Java, which was a target for a major botnet several months ago."
The botnet successfully infected around 600,000 Macs with the flashback Trojan, which exploited the Java vulnerability.
"Apple blocked Oracle from updating Java on Mac OS, and they perform all the updates themselves," said Grebennikov. "They only released the patch a few weeks ago—two or three months after the Oracle patch. That's far too long."
This is not the first time Grebennikov has critiqued Apple. Last year, he said the company could not continue to maintain a secure environment without becoming more open to help from outsiders.
"Apple is the only protector of its iPhone and iPad users but they don't know the real situation with threats," he told Computing magazine. "It's not possible to create the products they create, and be a world leader in security too; that expertise is elsewhere."
He is now singing the same tune to Computing, only a little more urgently, saying he expects iPhones and iPads to be compromised in the near future.
"Our experience tells us that in the near future, perhaps in a year or so, we will see the first malware targeting iOS," he predicted.