Say goodbye to the idea that Macs are more secure than PCs... This one looks nasty. It spreads without the devices without needing them to be networked.

As the article points out, Apple's security is anything but legendary.

Is it a "vicious worm that atticks macs" or is it

"designed a proof-of-concept worm"

and
“It turns out almost all of the attacks we found on PCs are also applicable to Macs,” says Kovah."

(because?)

"because hardware makers tend to all use some of the same firmware code."

and

"They notified Apple of the vulnerabilities, and the company has already fully patched one and partially patched another. But three of the vulnerabilities remain unpatched."

so.
nothing much to see. A curiosity at a security conference. Luckily, Apple can push a button and offer an update to all recent OSX versions. This is something Microsoft will soon be able to do too, but only with Windows 10.

Now stagefright. Now. thats a thing.

Luckily, Apple can push a button and offer an update to all recent OSX versions.

Well, only if you have recent enough hardware that can even support a recent OS... ;-) I have some older Mac towers in my office that haven't seen an update in years. Those machines are still quite functional, but they will continue to be vulnerable to this.

This is something Microsoft will soon be able to do too, but only with Windows 10.

Microsoft has had automatic updates as the recommended setting for quite a while now (since XP ~2001). Not everyone took advantage of that though. Regardless, I can still get Microsoft updates for OSs dating back to Vista regardless of the hardware.

Will the lack of Apple's support for older hardware be an issue here? Could be.

I have some older Mac towers in my office that haven't seen an update in years.

You should really not be using an OS that does not get updates. It will be insecure ever without attacks like this. Your hardware can support a recent OS - just not recent MacOS.... if you need to use MacOS, reuse the hardware for a different purpose or give it away.

Luckily, Apple can push a button and offer an update to all recent OSX versions. This is something Microsoft will soon be able to do too, but only with Windows 10.

Apple were not even the first with that, not by a few years! MS really took their time to copy....

You should really not be using an OS that does not get updates. It will be insecure ever without attacks like this. Your hardware can support a recent OS - just not recent MacOS.... if you need to use MacOS, reuse the hardware for a different purpose or give it away.

These are unnetworked machines that run old versions of Adobe software and are only used for editing video and graphic files. If they were needed for anything more I might try to get new machines, but they work just fine and replacing them would be prohibitively expensive. They were pretty high end back in the day...a few years back.

@bill, are they sufficiently well isolated to be safe from this? In that case your (unusual - not networked is rare) circumstances it is reasonable.

@EditorialGuy, of course Apple's security is legendary. It is also literally fantastic.

It seems like the transmission vector for this works even on non-networked machines. However, given that they aren't used for mail or browsing I hope they will be safe. They aren't new enough to use the Thunderbolt Ethernet adapter mentioned in the article. Files are usually sneaker-netted into the machines via DVDs and CD-Rs.

They keep saying "non-networked machines" but then the example they keep giving is the ethernet adapter. I think they mean machines that are connected to peripherals through ethernet but not to the web. So if you have one web-connected machine and several others that connect to the same printer you could be at risk.

They don't say anything about USB or what have you.