Is Apple's iMac Leopard Operating System Secure under ARP-Based Flooding Attacks?

Abstract

Apple’s iMac computers are promoted by the Apple Inc. to be secure, safe, virus free and fast computers. In this experimental paper, we evaluate the security offered by the iMac computers with its usual Leopard Operating System, against ARP-based flooding attacks in a Gigabit LAN environment. We compared the effect of ARP attacks on Leopard OS against those on the Windows XP-SP2 when installed on the same iMac platform under the same network attack environment. ARP-based flooding attacks can originate in a LAN environment, which can impact a victim computer with a barrage of ARP requests, and there by exhausting resource of the victim computers in processing these requests. To study the impact on iMac computers, we created the ARP traffic in a controlled lab environment to test against iMac computer that first deployed Leopard OS and then later the same iMac platform was made to rather use Windows XP OS. It was found that the Apple’s iMac computer using its usual Leopard operating system crashed even under low bandwidth of ARP-based attack traffic, requiring forced reboot of the iMac computer. Interestingly, when compared with Microsoft’s Windows XP-SP2 operating system, deployed on the same iMac platform, the computer was able to sustain the attack and didn’t crash. Our discovery of this vulnerability shows that Apple’s popular operating systems namely Leopards commonly deployed on iMacs are prone to crash under ARP-based security attacks.