Zack Whittaker, writing at Zero Day:
Just hours before Apple is expected to roll out the new version of its desktop and notebook operating system, macOS High Sierra, a security researcher dropped a zero-day.
Zack quotes Patrick Wardle, this security researcher, as saying this:
“As a passionate Mac user, I’m continually disappointed in the security of macOS,” he said. “I don’t mean that to be taken personally by anybody at Apple – but every time I look at macOS the wrong way something falls over. I felt that users should be aware of the risks that are out there I’m sure sophisticated attackers have similar capabilities.”
“Apple marketing has done a great job convincing people that macOS is secure, and I think that this is rather irresponsible and leads to issues where Mac users are overconfident and thus more vulnerable,” he added.
This vulnerability isn’t unique to High Sierra, so there’s no reason to abstain from the upgrade because of this security concern. But it’s a reminder that just because you’re on a Mac doesn’t mean you’re more secure than you would be if you were using a PC. That might be true with iOS versus Android, but it’s not true in the desktop OS space. I get that it’s a considerably harder problem to solve since macOS gives the user so much more freedom and flexibility, but here’s to hoping Apple fixes this bug and starts offering a bounty program for macOS.