Vulnerability scanner software and appliances are popular in information security communities. They are known for their ease of use by those who are looking for an automated solution to test computer networks and systems. However, I personally do not recommend them as the ultimate solution for security assessment or penetration testing. The design of these tools is based on known vulnerabilities and theoretical knowledge.
I always recommend practical knowledge rather than theory. I always ask my students and colleagues to develop their knowledge in a way that their knowledge becomes their best tool. However, today I want to call on companies and professionals to develop vulnerability assessment tools and solutions for Apple devices and the Mac OS X operating system.
Although Mac OS X is based on UNIX combined with Apple’s customized graphical user interface (which has also been further customized for iOS, iPhone, iPod and iPad), this UNIX is far from its origin. Furthermore, the growing number of customers who use Apple devices and the different versions of Mac OS has changed the market trend and Apple’s market share.
Moreover, third-party applications for Mac OS X and particularly iOS are not tested for security-related issues or vulnerabilities. Prior to their publication, these applications are usually just tested with an antivirus application to check for any known viruses or malicious code.
Although Apple provides resources on its website for secure coding, this is not enough. It is now necessary, more than ever, for other companies and professionals to develop new tools, frameworks and testing procedures for Mac OS X and Apple devices.
According to the Secunia Half Year Report 2010, Apple has now taken first place in the list of the top ten vendors with the most vulnerabilities. In second and third places are Oracle and Microsoft.