Six Lines

Mac OS X Zero-Day Threats

Posted by Aaron Massey on 21 Mar 2010.

Engadget says Charles Miller, a Mac OS X security expert, is planning to announce no fewer than 20 zero-day security holes for Mac OS X at CanSecWest. From the article:

He also goes on to reemphasize something he’s been screaming for years: “Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town.”

I don’t disagree with the quote. Microsoft has better security practices by almost every account I’ve read, but they are still less safe because there are so many people seeking to attack their products. In addition, Apple has been slow to react to security problems in the past, including some discovered by Miller. However, given that Apple just hired Window Snyder, it stands to reason that they might react a little faster if Miller brought the problems to their attention. Regardless, announcing 20 zero-day holes is not a smart move, and it’s certainly not going to foster good will at Apple.