AI 摘要
安全团队Mythos仅用五天就成功破解MacOS,这与谷歌Project Zero团队平均需六个月发现一个同级漏洞形成巨大反差。MacOS零日漏洞在黑市价值超200万美元。此事揭示了苹果安全威胁模型的根本误判:苹果原先预估全球仅有10-20个组织具备此级别攻击能力,但现实表明此类攻击者数量即将跃升至数千。全球约20亿台活跃苹果设备中,Mac用户多为记者、高管、政府官员等高价值目标,他们选择苹果本是出于其安全声誉,此次事件严重动摇了这一基础假设。
Mythos cracked MacOS in 5 days
WHY THIS MATTERS:
- It takes Google Project Zero - the most prestigious bug-finding team in the world - *6 months* per zero-day at the MacOS/iOS level
- MacOS zero-days are worth ~$2 million+ each
- Apple's threat model assumed a world with 10-20 groups capable of attacks at this level. The number is about to be in the thousands
- There are ~2 billion active Apple devices. Macs disproportionately belong to journalists, executives, government officials, etc - the highest-value targets in the world. They chose Apple because Apple was the safest