Mac Flashback

Doug Picotte

May 07, 2012 - Posted by Doug Picotte to Security Insight

Recently I received a Solutionary Security Engineering Research Team (SERT) Emerging Threat Advisory notice regarding a Trojan specifically targeting the Mac called “Flashback”. This Trojan appeared to be an Adobe Flash update when in reality malicious software was installed on the client machine. Once installed, personal information from the users’ web browser sessions can be sent to remote servers. I found this somewhat amusing, because I have heard die hard Mac users (I won’t mention any names) boldly confess that the Mac is virtually immune to these types of vulnerabilities often seen in the wild. This is obviously not the case, and it got me wondering just how many Macs are out there compared to PC based platforms? Market share varies on who you ask, but is generally around 85-90% for Microsoft platforms, and about 5-10% for all MacOS systems. If there are something on the order of 30 million Mac systems in the real-world, that means that with as many as 600,000 systems infected with Flashback we saw a 2% infection rate. While your first thought may be “that’s not many”, you should consider that this was a platform that, for years, people have been preaching how safe Macs were.

Macs are Targets

I think one of the reasons you don’t hear about Mac specific vulnerabilities very often is simply because there are so many more PC based platforms out there that serve as “low hanging fruit” for would be hackers. That is changing however. For example, Gartner has estimated the Mac US market share to be about 10%. Security nerds have been saying for years that the main reason we have not seen as many Mac viruses as we have PC viruses is that there are just so many fewer Mac systems around. Perhaps we have a combination of events here, as critical mass of Mac volume combines with relative security complacency of Mac users and creating a perfect storm.

Keep your Mac Protected

SERT provided links in the Threat Advisory for additional information about Flashback that you may find helpful. I will also include a link where you can check to see if your machine has been infected.

Additional References:

Until Next Time

Special thanks to SERT and Jon Heimerl for additional technical consultation. Thanks very much for reading my friends. Until next time, and as always, ride safe, crank up the tunes, and stay secure!

Read more on Solutionary Minds about:

comments powered by Disqus

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)