Mac OS X Security Myth #2: Nobody Attacks Mac OS X

Following up on Mac OS X Security Myth #1: Mac OS X Has Few Security Bugs, this post continues my look at “perception versus reality” for Mac OS X security.

There aren’t a lot of sources of validated compromises, but one of the few we can check is www.zone-h.com, which gathers and documents web server compromises, along with a lot of information about the compromised systems.

I went to the zone-h home page and clicked on Attacks Archive.  Next, I click Enable Filters to open up some filtering options for the archive of compromised site.  One of the filters is System, so I used the pulldown to select “MacOSX” and then the “Apply Filters” button and this is what I get:

Well, that’s not a small set of compromised web sites, is it?  Look closely along the bottom of the screenshot and you’ll see that this is page 45 of 50 pages of listed compromised sites. 

Now, MacOSX certainly isn’t the platform with the most attacks over the past couple of years, but that isn’t the point.  The point is that, given sufficient motivation, attackers can and do attack any platform – and succeed – even against Mac OS X. 

The idea that nobody attacks Mac OS X definitely appears to just be a Myth.

About the Author
Jeff Jones

Principal Cybersecurity Strategist

Jeff Jones a 27-year security industry professional that has spent the last decade at Microsoft working with enterprise CSOs and Microsoft's internal teams to drive practical and measurable security improvements into Microsoft products and services. Additionally, Jeff analyzes vulnerability trends Read more »