Kaspersky Lab’s Chief Technical Officier told Computing magazine in an interview that Apple does not take security seriously enough. You might know Kaspersky Lab for their personal antivirus and digital security suites available for PC and Mac computers. According to the article, Apple is too slow to react to security vulnerabilities. The article references a Java vulnerability that Oracle patched, but Apple withheld for 2-3 months; implying that Apple’s negligence allowed for the Flashback Trojan that infected 600K Mac computers.
Naturally, the CTO of an antivirus and security firm doesn’t believe that Apple can keep its platform secure by itself. According to the article, Grebinnikov predicts that iOS devices will begin to be infected by Malware in the upcoming year.
It’s certainly not impossible for Malware to affect iOS devices. There have been three website “attacks” across different iOS versions which were capable of running arbitrary code through the iPhone’s Safari browser, which altered the system’s kernel itself—you might remember these attacks as JailbreakMe.com, a helpful website that could jailbreak iPhones and install Cydia, before Apple closed the vulnerabilities. It just so happens that these exploits were discovered by the modding and homebrew community, but the same exploits could just as easily been used to install keyloggers and other nasty malware.
That said, Grebinnikov admitted that there had been no iOS-specific Malware identified as of yet. With the iPhone being a formidable brand over the past 5 years (three generations of Apple’s phones made the top of 2011’s US smartphone sales), that’s a pretty impressive track record for a company that “doesn’t pay enough attention to security.”
If Grebinnikov is not blowing smoke and can actually make the iOS platform more secure than Apple can with their internal staff and resources, that may mean that exploits important to the jailbreak community would be even harder to come by, since the same exploits that are used to install beneficial code can also… well, it’s called “running arbitrary code” for a reason. The exploits could be used to run anything.
Would you like to see a more secure iOS or a version of iOS with jailbreaks in its future? Let us know what you think in the comments section below.