The [Mac] dambusters are out!

It’s been a while since I last wrote on systems security, but the latest revelation of a couple of “mainstream” trojans to affect Mac OS X suggests a new wave in Internet security threats.

The most notable is a security hole in the latest versions of Tiger and Leopard that allows attackers to install malware on a Mac without first requiring a user to enter an administrator’s password. A flaw in OS X makes it possible to circumvent the safety measure by funneling Applescript commands through the Apple Remote Desktop Agent (ARDAgent). Because the commands run as the root user, they have almost unfettered access to sensitive parts of a machine.

Interestingly, the exploit was was written modularly, so that the code that actually exploits the Mac weakness can be bundled with other malware code. That means the same weakness could be targeted over and over by a variety of other Trojans.

Full story: Trojan heralds OS X’s ‘new phase of exposure to malware’

The last bit – about the code being modular and thus more portable to other applications – implies there is a growing trend to target the once “safe” bastion of the Apple Macintosh. There are a lot of them in use now, and many owners see them as safe alternatives to the Windows PC. However, is now the time to get on board the Mac security train?

The bottom line?

Nothing is totally secure, but you can add differing layers of security to provide your desired level of protection.