IT Security NEWS
10 June 2009
Apple IT Security in Dire Straits
A famous security advisor recently asserted that Apple is struggling to institute better security measures to protect its consumer base from online threats like malware, spyware, viruses, worms, trojans, phishing scams, and the like. The fact that Macs still contain a six-month-old Java vulnerability that has gone unaddressed up until now certainly doesn't help its case.
Rich Mogull, a self-described owner of seven Macintosh computers and founder of the security firm Securosis, recommends that Apple executives enhance their IT security safety ratings by implementing a secure development lifecycle (SDL) program to protect their growing catalog of products from security holes and their accompanying exploits.
Mogull adds that a multitude of sources confirm that Apple doesn't have an official security program, and as such it tends to miss bugs and glitches that could otherwise be caught before a product is even released. He insists that Apple should address this deficiency by "integrating secure software development into all (their) internal development efforts."
Microsoft was among the pioneering companies that built SDL into its in-house development schedules. Under the program, the software giant was able to create products with Internet defense and safety measures in mind from the get-go. The security-focused program helped its programmers replace weakly written fragments of older code with new code that can better withstand exploits and hacker attacks. Developers even ran simulated attacks against their programs in order to find other possible holes and leaks. Adobe Systems eventually followed suit after being criticized for its spotty security measures, enhancing its Reader and Acrobat programs with its own SDL program.
Mogull's SDL advice to Apple was one of many recommendations he has made of late to ensure that the multi-billion-dollar corporation is doing everything it can to protect its clients from the hazards of the Information Superhighway. Mogull writes in a recent article on the Mac news website TidBITS that even though Apple considers the security of its products a top priority, the company is having a hard time implementing its lofty ideals when faced with actual security crises.
The researcher rightfully blames the manufacturing company for its ongoing failure to patch the aforementioned gaping vulnerability in the Mac versions of Java. He then urges Apple to finish its work on adding anti-exploitation measures to OS X, such as its partially implemented no-execute flags, stack protection, library randomization, and sandboxing services. At any rate, the company has yet to respond to the criticism about the Java vulnerability still found in all Macs.