The authors of a course on anonymity and security from the CyberYozh security group have published a new chapter with the provocative title “The Myth of Incredible MacOS Security”. In this chapter, they rolled over macOS security, showing that not only can it be hacked, but that it is routinely hacked.
Their position is based on data from hacking contests, where macOS is regularly hacked, and data from a vulnerability aggregator site that charts the number of vulnerabilities found in Apple’s operating system in recent years.
It is difficult to argue with the facts – macOS really is not as invulnerable as some Apple fans think. And how is the Windows operating system doing? In fact, it’s about the same. The high vulnerability of Windows, its “hole-in-the-wall” is another myth.
The reason for this myth is not only that there is more malicious software for Windows, but also that users are more savvy. The average user of a macOS computer is much more security-savvy than the average user of a Windows computer.
Finding and developing malicious software for macOS is not a profitable investment; it won’t pay off, since there are relatively few macOS devices. For the same reason, there are very few developers with sufficient experience working with macOS; there are also very few of them on the black market. Developers go where there are a lot of orders, and there are more orders for Windows applications development.
Ordinary users focus on the security of the system itself when it comes to comparing systems, but believe me in my experience, browser security is just as important here. If you can get out of the browser sandbox (in other words, get past the browser security system), you can sort out the operating system somehow.
Most macOS users use the Safari browser because it is used by default by the system and is perfectly optimized for Apple computers. While it is one of the most vulnerable in the big five browsers (Chrome, FireFox, Opera, Edge, Safari) according to numerous studies.
One such study was conducted by Google Project Zero. It found as many as 17 vulnerabilities in Safari, compared with 6 in Edge and 4 in Firefox. It is not for nothing that specialists from the CyberYozhsecurity group recommend using Mozilla Firefox in their course, including macOS users.
By the way, Chrome is recognized in most studies as one of the safest browsers, but it collects a lot of information about users compared to Firefox.
There is another myth, which I would like to destroy at the end of the article. There is a popular belief online that using relatively unpopular browsers reduces the risk of hacking, because attackers do not develop vulnerabilities for rare browsers. To be honest, I don’t know any good rare browsers, Yandex.Browser, for example, cannot be called rare anymore, and it collects information about the user even more than Google Chrome.
But that’s not the main thing either – the majority of alternative browsers are either based on Firefox or, much more often, on Chromium (the same Yandex.Browser). This means that all the vulnerabilities for Firefox and Chromium also apply to the so-called forks, but in addition to them, they also add their own vulnerabilities made by developers who are usually less qualified and experienced than Microsoft, Mozilla or Google developers.