After years of quiet on the home front, Mac users have recently had to defend against a few security threats. The number is still so low as to make a Windows user laugh (or cry), but the attacks are a good reminder of modern computing’s risks.
Leap-A, or Oompa Loompa (February 2006) Even the mainstream press talked about the first “real” Trojan horse for the Mac. Disguised as photos of the next Mac OS, Leap-A could, once clicked on, spread itself to other users through iChat. Leap-A was more a proof-of-concept than a serious risk (see “Digging deeper into the Leap-A malware” for more info). Still, it raised awareness about security gaps in OS X and demonstrated the need for Mac users to be skeptical of unexpected files.
Inqtana-A (February 2006) Around the time that Leap-A arrived, the Inqtana-A worm appeared. Inqtana-A used a vulnerability in Bluetooth to replicate from one Mac to another. However, Apple had already patched this vulnerability in May 2005, so only un-updated computers within 30 feet of infected computers were actually at risk.
Zaptastic (May 2005) An anonymous author revealed security gaps in Tiger’s widgets with this proof-of-concept. By default, Web pages could automatically install widgets, with potentially disastrous results. Apple patched this hole pretty quickly, and users now get an alert whenever a Web page attempts to install a widget.— Kirk McElhearn