Numerous reports over the web say that Apple has hired Kaspersky Lab, a Russian computer security firm, to find and fix vulnerabilities in Mac OS X. A Computing report quoted Kaspersky Lab’s CTO, Nikolay Grebennikov, as saying “Mac OS is really vulnerable.”
Kaspersky Lab however has issued an official clarification regarding these recent reports, saying it was misquoted, and that Apple has not solicited the security company to help with Mac OS X’s vulnerabilities. Grebennikov elaborated:
“As Mac OS X market share continues to increase, we expect cyber-criminals to continue to develop new types of malware and attack methods. In order to meet these new threats, Kaspersky Lab has been conducting an in-depth analysis of Mac OS X vulnerabilities and new forms of malware.
This security analysis of Mac OS X was conducted independently of Apple; however, Apple is open to collaborating with us regarding new Mac OS X vulnerabilities and malware that we identify during our analysis. Kaspersky Lab is committed to providing the highest level of security for all of our customers, including Mac OS X, and we will continue to enhance our technologies in order to meet the ever-changing threat landscape. “
Pending further clarification from Apple, the new information simply points to the fact that Apple would of course be willing to collaborate with other security firms as well, as and when vulnerabilities are found.
The recent Flashback malware for Mac OS X quickly made security companies and users alike sit up and take heed that the legendarily secure Apple operating system did have some vulnerabilities, and like every other operating system out there, could not be immune to user error when being tricked into installing malware specifically designed for it. Apart from a Flashback removal tool (MRT), Apple had also integrated a recent Java patch to fully caulk the vulnerability – the security update however, was only made available to Mac OS X 10.6 and 10.7 users.
Apple has now released its Flashback Removal Security Update for Mac OS X 10.5 Leopard, which can be downloaded along with a standard software update, and from the Apple Support website. The fix also disables Java on Safari – those who need it, can visit their browser security settings, or refer to Apple’s comprehensive guide.
Apple has also released another patch, called the Security Update 2012-003 for Leopard, which will also ensure old versions of Adobe Flash Player are disabled as soon as a new version is available, to help protect the user from vulnerabilities that have been patched in the update.