Mark Dalby

While still not great, the operating systems behind Apple desktops, laptops and phones are getting more secure, researchers at Black Hat  say.

While not recommended for corporate use unless it’s in islands within larger networks, the OSX operating system has made strides, says Alex Stamos, who lead a team of researchers from iSec Partners that researched the OSX and Windows 7 operating systems. Their conclusion is that Apple does pretty well, but Microsoft wins. Even so, earlier versions of Apple’s software were more vulnerable to initial exploitation than Win 7, but the latest Apple version known as Lion makes up ground.

Escalating privileges remains a problem on both operating systems, he says, with OS X having more potential soft spots than Win 7. But when it comes to network vulnerabilities, Apple is the loser. “OSX networks are significantly more vulnerable to network privilege escalation,” he says. “Almost every OSX server service offers weak or broken authentication mechanisms.”

Microsoft today said it will ship 13 security updates next week to patch 22 vulnerabilities in Internet Explorer, Windows, Visio and Visual Studio.

Next Tuesday’s patch lineup is larger than July’s on the update count, but matches that month’s vulnerability total. That’s unusual, since the company usually delivers a heavier load in even-numbered months. “Twenty-two [vulnerabilities] is not a big month, it’s more in the medium range, what with the larger numbers we’ve seen so far in 2011,” said Andrew Storms, director of security operations at nCircle Security.

“Overall, it’s what we could have expected, although as an ‘up’ month, the number [of vulnerabilities] isn’t up to the usual,” said Storms. “The number [of flaws] each month is increasing…. A new baseline is being drawn this year.” In June, for example, Microsoft issued 16 updates — the company calls them “bulletins” — that patched 34 bugs. Two months before that, Microsoft fixed 64 flaws with 17 bulletins.