Kaspersky slams Apple over update
Cape Town - A cyber security company has criticised Apple for a delay in sending out a security update to its operating system after a vulnerability was detected.
Computers running the Mac OS X operating system touted as the "world's most advanced desktop operating system", were compromised by the Flashfake trojan, according to Kaspersky Lab.
The company confirmed that at least 600 000 Mac computers were infected since the trojan appeared in September 2011.
Oracle released a patch to repair the vulnerability about three months ago, but Apple delayed the update to users until April 2.
"The three month delay in sending a security update was a bad decision on Apple's part," said Kaspersky Lab's chief security expert, Alexander Gostev.
Apple usually does not allow third parties to update its software, leading to a longer period for criminals to exploit vulnerabilities.
"This means the window of exposure for Mac users is much longer than PC users. This is especially bad news since Apple's standard AV update is a rudimentary affair which only adds new signatures when a threat is deemed large enough," said Gostev.
The Flashfake trojan allows criminals to send instructions to a user's computer to download additional malware even though no criminal activity has been detected yet.
Many users of Apple computers believe that because the threat from viruses is traditionally low, they are 100% secure.
"If we're talking about Linux users or Mac users, the problem lays in the psychology. All these guys are pretty sure that they are 100% protected and there is no malware," Sergey Novikov, head of Kaspersky Lab Global Research and Analysis Team recently told News24.
He said that mindset of Mac and Linux users was key to limiting the number of hacking incidents.
"The problem is we're running fast with new technologies but our security mindset is behind and that's why we have so many [hacking] incidents."
Mac users are advised to install the latest update from Apple to limit their vulnerability to malware that may allow hackers to steal sensitive information.
- Follow Duncan on Twitter