Where OS X security stands after a volatile 2012

2012 was an “exciting” year for OS X security—at least if you’re a security expert or researcher. There were plenty of events to keep people on their toes. Although Apple took some egg on the face for some of them, overall, the company came out ahead when it came down to keeping users safe.
At least that’s the opinion of some security researchers who followed OS X developments throughout the year.
Back to the Flashback
Remember Flashback? That malware first made its way onto the Mac in 2011, but never became widespread enough for most users to even become aware of it—until earlier this year. Suddenly, Apple was faced with arguably the first truly high-profile malware to appear on OS X, right as Apple was appearing more than ever in the media.
The incident sparked plenty of hemming and hawing about the end of “security through obscurity” for Apple. Researchers and pundits alike argued that Apple’s continued popularity could only lead to more attacks on security, whether they occur on iOS or the Mac. Indeed, it’s hard to deny that malicious attacks on Mac users are increasing in frequency, and Apple did take some flak for talking a big security game for so long while simultaneously leaving open a Java hole for two whole months after it was first patched by Oracle.
Removal of Java
But despite this stumble, the Flashback fiasco was the catalyst for one of the most meaningful decisions Apple made in order to beef up OS X security.
“Flashback both led to Apple removing Java from their default installs, and prompted them to release a dedicated cleanup tool,” security researcher (and former security engineer for Obama for America) Ben Hagen told Ars. “When an OS vendor releases a dedicated cleanup tool, you know things are bad.”
Hagen pointed out that Apple needed to release its own Flashback cleanup tool because the Mac anti-malware market and user base “is relatively immature.” But the bigger decision to come out of Flashback was to reduce the role of Java in OS X users’ lives as much as possible, unless the user specifically installs it.
Full Story: Where OS X security stands after a volatile 2012 | Ars Technica.
