Security researches revealed vulnerabilities in ChromeOS this week at Black Hat, it was reported today by VentureBeat. By exploiting an issue in the pre-installed ScratchPad extension, the researchers were able to gain access to data stored in a user’s Google account.
This is particularly noteworthy since Google has cited security as a benefit in using Chrome and has been shifting its own enterprise desktops towards Chrome, Linux and OSX.
And speaking of OSX, ZDNet’s Ed Bott recently took a look at the future of Mac malware and considers why things have been quiet since the Mac Defender outbreak.
Bott speculates that Mac Defenders’ disappearance in recent weeks is due more to Google rooting out the criminals’ SEO strategy rather than Apple’s patches since the scam’s Windows counterpart has also gone silent. Meanwhile, Bott has seen evidence of some particularly nasty OSX malware on security research mailing lists, but that hasn’t been seen in the wild.
Earlier this year Bott pointed out that Apple has disclosed numerous arbitrary code execution vulnerabilities. These are the type of vulnerabilities that enable “drive-by” attacks in which users can be infected with malware just by visiting the wrong site, as opposed to having to be tricked into actively installing something as with Mac Defender.
The Chrome and OSX vulnerabilities go to show that there is no such thing as a free lunch when it comes to OS security. There will always be vulnerabilities and those need to be considered.
