As Linux gets more popular, malware will target Linux, it’s just a matter of time. So right now it’s not a big problem, but hopefully Linux gets popular enough that it happens.
You could say the same about macOS, but now that gets targeted, and Linux has about the same amount of reported userbase as macOS now. So if Linux continues to gain traction, I expect it to follow macOS in becoming a target for malware. Maybe it’ll take longer because of the fragmentation, but I think we’ll get there.
This is probably also a zero day because Apple acknowledged that it was in use in the wild at the time (first link).
> every single one requires the user to install something
Not all. HVNC, for example, doesn’t require anything by the user and with clever use, an attacker could get just add much value from it as with a privilege escalation bug.
Also XCSSET Updated used a zero day in Safari.
These attacks are still a lot less common vs Windows because the attack surface is much smaller, but it’s foolhardy to think macOS is immune in some way.
Rarely do attacks use just one strategy, usually they bundle malware with a zero day of some sort. Since macOS has a small user base, look less at the impact and more at the capabilities. All types of malware exist for macOS, so if it gets much larger adoption, we’ll see more effort in packaging them together.
deleted by creator
As Linux gets more popular, malware will target Linux, it’s just a matter of time. So right now it’s not a big problem, but hopefully Linux gets popular enough that it happens.
deleted by creator
You could say the same about macOS, but now that gets targeted, and Linux has about the same amount of reported userbase as macOS now. So if Linux continues to gain traction, I expect it to follow macOS in becoming a target for malware. Maybe it’ll take longer because of the fragmentation, but I think we’ll get there.
deleted by creator
Take your pick.
deleted by creator
Here’s one example of a privilege escalation
https://security.berkeley.edu/news/macos-ipados-and-ios-local-privilege-escalation-vulnerability-cve-2021-30807
And here’s a little more detail about it, complete with links:
https://www.offsec.com/offsec/macos-preferences-priv-escalation/
This is probably also a zero day because Apple acknowledged that it was in use in the wild at the time (first link).
> every single one requires the user to install something
Not all. HVNC, for example, doesn’t require anything by the user and with clever use, an attacker could get just add much value from it as with a privilege escalation bug.
Also XCSSET Updated used a zero day in Safari.
These attacks are still a lot less common vs Windows because the attack surface is much smaller, but it’s foolhardy to think macOS is immune in some way.
Rarely do attacks use just one strategy, usually they bundle malware with a zero day of some sort. Since macOS has a small user base, look less at the impact and more at the capabilities. All types of malware exist for macOS, so if it gets much larger adoption, we’ll see more effort in packaging them together.
deleted by creator