As Linux gets more popular, malware will target Linux, it’s just a matter of time. So right now it’s not a big problem, but hopefully Linux gets popular enough that it happens.
You could say the same about macOS, but now that gets targeted, and Linux has about the same amount of reported userbase as macOS now. So if Linux continues to gain traction, I expect it to follow macOS in becoming a target for malware. Maybe it’ll take longer because of the fragmentation, but I think we’ll get there.
This is probably also a zero day because Apple acknowledged that it was in use in the wild at the time (first link).
every single one requires the user to install something
Not all. HVNC, for example, doesn’t require anything by the user and with clever use, an attacker could get just add much value from it as with a privilege escalation bug.
Also XCSSET Updated used a zero day in Safari.
These attacks are still a lot less common vs Windows because the attack surface is much smaller, but it’s foolhardy to think macOS is immune in some way.
deleted by creator
As Linux gets more popular, malware will target Linux, it’s just a matter of time. So right now it’s not a big problem, but hopefully Linux gets popular enough that it happens.
deleted by creator
You could say the same about macOS, but now that gets targeted, and Linux has about the same amount of reported userbase as macOS now. So if Linux continues to gain traction, I expect it to follow macOS in becoming a target for malware. Maybe it’ll take longer because of the fragmentation, but I think we’ll get there.
deleted by creator
Take your pick.
deleted by creator
Here’s one example of a privilege escalation
https://security.berkeley.edu/news/macos-ipados-and-ios-local-privilege-escalation-vulnerability-cve-2021-30807
And here’s a little more detail about it, complete with links:
https://www.offsec.com/offsec/macos-preferences-priv-escalation/
This is probably also a zero day because Apple acknowledged that it was in use in the wild at the time (first link).
Not all. HVNC, for example, doesn’t require anything by the user and with clever use, an attacker could get just add much value from it as with a privilege escalation bug.
Also XCSSET Updated used a zero day in Safari.
These attacks are still a lot less common vs Windows because the attack surface is much smaller, but it’s foolhardy to think macOS is immune in some way.
deleted by creator