Apple OS "really vulnerable", claims Kaspersky Lab CTO (UPDATED)

Claims Apple too slow on security in wake of malware attacks

The chief technology officer of security company Kaspersky Lab has labelled Apple's OS X "really vulnerable" and suggested that Apple is too slow to react to security vulnerabilities.

Speaking exclusively to Computing, Kaspersky CTO Nikolay Grebennikov said his firm had recently begun the process of analysing the Mac platform.

"Mac OS is really vulnerable... We've begun an analysis of its vulnerabilities, and the malware targeting it," said Grebennikov.

Asked repeatedly about the relationship with Apple, Grebennikov stated that Apple had invited Kaspersky Lab to work with the company on improving its security, but has since issued a clarification. The company has now said that its analysis of OS X was "conducted independently" but that "Apple is open to collaborating with [Kaspersky] regarding new OS X vulnerabilities."

Grebennikov also claimed that, in his personal view, Apple does not take security seriously enough.

"Our first investigations show Apple doesn't pay enough attention to security," he said. "For example, Oracle closed a vulnerability in Java, which was a target for a major botnet several months ago."

Earlier this year, a botnet of 600,000 Macs was found to have been infected by the Flashback Trojan, which exploited the Java vulnerability.

"Apple blocked Oracle from updating Java on Mac OS, and they perform all the updates themselves. They only released the patch a few weeks ago – two or three months after the Oracle patch. That's far too long," he said.

Grebennikov pointed to the existence of the botnet as evidence that Apple needs help with its security.

"This botnet, which the security community identified, is a huge sign that Apple's security model isn't perfect," he said.

Kaspersky has often been quoted as criticising the security of various Apple platforms, and these latest comments appear to continue that strategy.

For example, a year ago, Grebennikov told Computing that Apple could not hope to keep its mobile platform iOS locked down without outside expertise.

While he admitted that no iOS-specific malware has yet been identified, Grebennikov stated that he expects to see iPads and iPhones being infected by malware in the next year.

"Our experience tells us that in the near future, perhaps in a year or so, we will see the first malware targeting iOS."