Apple has done a good job of protecting its users
Part of the reason for this has been the work done by Apple to secure its operating systems and devices. It has invested heavily in security teams and spends more time validating applications than most vendors in the market. This not only applies to Mac OS X but also to its mobile operating system iOS.
iOS has come under attack from several pieces of malware with the vast majority of successful attacks targeting jailbroken devices. This year has seen the first successful iOS attacks against non jailbroken devices. In June Andy Greenberg reported in Wired that the latest iOS malware hitting iPhones and iPads in China was not just targeted at jailbroken devices. Instead there were two distinct iOS mass malware infections doing the rounds.
In September the situation got worse for Apple when it was reported that the Xcode Ghost malware had been found in apps on the Apple App Store. The surprise for everyone is that this was not something done by the developers. It turned out that they were tricked into downloading an infected copy of the popular Xcode installer which infected their apps without them knowing about it. The apps then made their way through the Apple validation process and onto the Apple App Store. Apple has since pulled all infected apps from its site and added new verification routines to prevent this happening again.
Other attacks against Apple such as the recent leaking of photos from Apple iCloud service have come from weak third-party security. Attackers were able to penetrate the systems run by the third-parties and from there gain access to iCloud. Since those attacks, Apple has been working with its third-party suppliers to tighten up their security especially where their services are integrated into Apple’s iCloud services.
As Bit9+ Carbon Black have shown Mac OS X malware is nothing new but the sudden increase will get Apple’s attention. While it has been willing to leave anti-malware to third parties so far, this rise in attacks and Sconzo’s statement that attacks are likely to accelerate may well prompt it to consider entering the security market itself.
Until then Mac owners will need to consider whether they are still willing to risk being attacked rather than buy anti-virus software for their devices.