Apple going the same way as Microsoft, no testing and QA?
On Monday Apple released a fresh round of security fixes for a load of its operating systems and applications. The July patch batch addresses vulnerabilities in iOS, MacOS, Safari, watchOS, and tvOS, though many of the updates are for common components across each of the platforms, such as the WebKit browser engine. These …
Your code is totally bug free? If so, you could become rich explaining how you do it....
Just look, for example, at the Linux kernel CVEs for 2019:
And that's the kernel only. Add all the CVEs for libraries, tools, etc.
Going the same way as MS, Apple, Google, etc?
From a ROI point of view, it is far less efficient to spend time crafting an attack for 5% of the market than it is for 95%.
Now that Apple has upped its market share, it is becoming a better attack surface from that point of view.
If I decide to try to scam Bill Gates out of a billion, I am going to spend years of effort to get to know him, his family, his house and his habits, and it will cost me a small fortune for no guaranteed return.
On the other hand, if I craft a threatening letter over torrenting or somesuch, hire a spammer and split the proceeds for an attack of 10 million people, I'll likely cover my costs and reap a nice bundle, while likely staying out of reach of the law.
If I were such a criminal, what do you think I would prefer?
Depends on the kind of attack. A ROI can be far worse if you end up attacking mostly nerds with little money still living in their parents' basement.
Sure, if your plan is to scam a few dollars from each, or you need a botnet, it can work, you can make money, and it may require less skills.
On the other end if you attack 5% of the market but that market is mostly made of more affluent people, upper managers and so on, and your aim is to scam more money from each, and your skills are adequate, why not? You get targeted advertising victims, after all.
When "iconic" white headphones came out, it made things a lot easier to pick targets. Or so I've heard said.
MacOS, at least since X, had a headstart in security over Windows, because it came from a system with a well-understood permission system. It's taken a while but Microsoft has largely caught up, while Apple has expanded the attack surface with things like Safari, QuickLook, etc. Though some of this is unavoidable for the provision of some services.
Still, Apple could do a whole lot better if it adopted a more standard unix (BSD) approach for keeping system components up to date.
> "it is far less efficient to spend time crafting an attack for 5% of the market than it is for 95%."
That depends on the target. Apple users were (and some still are) convinced that Apple products could not get infected by virii etc.
So if 95% of banks had their current security setup, but 5% of banks didn't believe bank robbers would target them for "insert reason here", and thus didn't implement sufficient security, which would you go for?
That's a false equivalence. For the bank example, an attacker picks a single target and would try to optimize lack of security with other factors. A malware attack is almost always targeted at everyone they can. If you want to pursue the bank analogy, it's like saying "In one town, you have 5% of the banks. In the other town, you have 95% of the banks. All banks in each town keep their money in the same place, but with different security. Which big vault are you going to break into?". In order to choose the 5%, you either have to know a good way into their vault that you don't have for the 95%, or you have to be really confident that they have more money. If you're opportunistic and just choosing one, you'll probably try for the one that has the more money, which is likely to be the one used by 95% of the banks.
What is this nonsense with this headline format?
It's 2019 and you can still....
What has the year got to do with it?
You'll still be able to pwn devices with malicious code running on a web site next year.
Are you going to continuously write It's 2020 and you can still.... ?
Honestly it's as tiresome as always putting an exclamation mark after each word in an article about Yahoo!