Yes, I know I’m behind the curve: I’ve been travelling…
Apple finally decided to make life a little more secure for Leopard users by offering them updates that include detection for some Flashback variants, disable Safari’s Java plug-in by default, and disable Flash Player installations that don’t have the latest security updates. (The updates were originally available only to Snow Leopard and Lion users.) See Graham Cluley’s article here and the Register article here.
While it has virtually no Apple-related content, you might find F-Secure’s report on mobile malware of interest. Well, I did, if only for Table 1, which illustrates how successful, comparatively speaking, Apple’s whitelisting strategy for iOS has been. While malware families detected for other platforms has increased dramatically since 2004, the table includes only two iOS threats (from 2009). You maybe shouldn’t take that as being totally authoritative: a Berkeley paper surveying mobile malware in the wild found 4 examples of iOS malware between 2009 and 2011. However, that probably represents different ways of classifying rather than additional collection resources. In fact, the Berkeley paper only cites 46 examples, and in any case, that’s not a huge increase. The real significance here is the near absence of iOS malware over the whole period, whereas 120 Android threats are listed for 2011 alone.
While Android has a way to go before it catches up to the known total of SymbOS threats, Figure 5′s summary of samples received for Q1 2012 suggests that it also has a loooooooooong way to go before its attempts at regulating Android apps become anywhere near as effective as Apple’s.
David Harley CITP FBCS CISSP