As part of its current ad campaign, Apple suggests that Macs aren’t vulnerable to the same Internet security problems PCs are.
But according to a new study by security vendor Symantec, the number of vulnerabilities identified in Apple’s Safari browser in the first half of 2006 doubled over the prior six monthsand it increased its window of exposure to Net-based exploits from zero days to five.
Microsoft’s Internet Explorer browser still has a longer window of exposurethe time between when code exploiting a vulnerability appears and when a fix is availableand a greater total number of security holes. But Apple “is headed in the opposite direction” with respect to its browser’s vulnerability to Internet-based threats, says Dave Cole, director of Symantec’s Security Response team.
Baseline contacted Apple last week requesting comment on the Symantec study, but the company did not provide a response by our Friday deadline.
The tenth edition of Symantec’s twice-yearly Internet Security Threat Report, to be released Sept. 25, analyzes network-based attacks and known software vulnerabilities for the first six months of 2006.
According to the report, the window of exposure for Apple’s Safari browser increased from zero days in the second half of 2005 to five days in the first half of 2006. The number of vulnerabilities identified for Safari doubled, to 12 in the first half of 2006 compared with six the preceding six months.
Meanwhile, Internet Explorer’s window of exposure declined, from 25 days in the second half of 2005 to nine days in the first half of 2006. Vulnerabilities for IE increased for the most recent period, to 38 from 25. Cole says Microsoft cut IE’s exposure window by issuing several “out-of-cycle” patches this year (Microsoft normally releases software updates once a month, on so-called Patch Tuesday).
Read the full story on Baselinemag.com: Study: Apple’s Exposure to Net Threats Rises
Check out eWEEK.com’s for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.