Mac OS X Security – Reality Check #1

UPDATE: A colleague sent me a link to the source paper that the article discusses: http://www.techzoom.net/papers/blackhat_0day_patch_2008.pdf

As anyone who reads my blog knows, I like to shine a light on areas of common security misperceptions.  I am even happier when others do it. 

I think Apple has really taken a playbook from Oracle (ie, “Unbreakable marketing”) with respect to security in the past year with unsupported security claims in their marketing, drawing the attention of security researchers. 

At Black Hat today, researchers from the Swiss Federal Institute of Technology looked at Apple and Microsoft vendor responsiveness to zero-day vulnerabilities and found … surprise, Apple consistently has more unpatched issues.

Read about the findings in ComputerWorld at Microsoft vs. Apple: Who patches zero-days faster?

If you don’t want to do that, here is a key quote from the article:

What they found is that, contrary to popular belief that Apple makes more secure products, Apple lags behind in patching.

“Apple was below 20 [unpatched vulnerabilities at disclosure] consistently before 2005,” Frei said. “Since then, they are very often above. So if you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple.”

About the Author
Jeff Jones

Principal Cybersecurity Strategist

Jeff Jones a 27-year security industry professional that has spent the last decade at Microsoft working with enterprise CSOs and Microsoft's internal teams to drive practical and measurable security improvements into Microsoft products and services. Additionally, Jeff analyzes vulnerability trends Read more »