Just ran across this eWeek article: Apple’s Switch to Intel Could Allow OS X Exploits. My first reaction was that this is bogus, but I guess there is a good point to be made – there are a lot more people out there who are comfortable with the x86 architecture than with the PPC architecture, at a machine code level. That matters.
The thing that might matter more, though, is endianness. Matt Miller, a co-worker at Positive Networks and frequent security presenter at various hat-related conferences, has pointed out to me that if stacks grew in the opposite direction (i.e. big endian vs. little endian), stack overflow attacks that overwrite return addresses are more difficult. PPC is big endian, and x86 is little endian. That doesn’t do anything for other kinds of buffer overflow attacks (or any other kind of attack for that matter), but ret-based attacks are common. (I don’t know anything about PPC assembly, and Matt was talking about SPARC at the time, but I assume this still makes sense.)
One area in which Microsoft really shines is in the base OS. Apple’s kernel has some architectural issues that it inherited from its open-source ancestry, and it still lacks support for things like DEP.
At any rate, it will be interesting to see what happens. It’ll be hard to tell the real truth, though, if Apple really does sell a lot more Macs.
Update: Matt sent along this clarification regarding stack-based attacks on big endian architectures:
Stack-based overflows are perfectly possible on big endian architectures. Here’s a document that describes how.
The distinction revolves around the frame to which the buffer belongs. You need one level of nesting in order for it to be possible (due to the direction the stack is growing).
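The nesting point in the clarification above, as an added sketch that is not from the original post or from Matt: a toy stack model in which only the growth direction changes. The slot layout, tags and function names are assumptions made for the illustration, and endianness is not modelled.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, constructed for illustration: the stack is an array of slots and
   each frame is one saved-return-address slot plus a BUF-slot local buffer.
   A copy into a buffer always advances toward higher addresses. */
enum { SLOTS = 32, BUF = 4, EMPTY = 0, RET_OWNER = 1, RET_CALLEE = 2, DATA = 9 };
enum { GROWS_DOWN = -1, GROWS_UP = 1 };

static int stack[SLOTS];
static int sp; /* next free slot */

/* Push a frame and return the lowest address of its local buffer. */
static int push_frame(int dir, int ret_tag) {
    int base;
    stack[sp] = ret_tag;              /* the call saves the return address first */
    base = (dir == GROWS_UP) ? sp + 1 : sp - BUF;
    sp += dir * (1 + BUF);
    return base;
}

/* Overrun the owner's buffer by one slot. Returns the tag of the saved return
   address that was overwritten, or EMPTY if the write landed in unused stack. */
int clobbered_return(int dir, int nested) {
    int hit = EMPTY, buf, i;
    memset(stack, 0, sizeof stack);
    sp = (dir == GROWS_UP) ? 0 : SLOTS - 1;
    buf = push_frame(dir, RET_OWNER); /* function that declares the buffer */
    if (nested)
        push_frame(dir, RET_CALLEE);  /* copy routine handed a pointer to it */
    for (i = 0; i <= BUF; i++) {      /* BUF + 1 writes: one slot too many */
        if (i == BUF)
            hit = stack[buf + i];     /* what sat just past the buffer */
        stack[buf + i] = DATA;
    }
    return hit;
}

int main(void) {
    printf("grows down, buffer in innermost frame: %d\n", clobbered_return(GROWS_DOWN, 0));
    printf("grows down, buffer one frame up:       %d\n", clobbered_return(GROWS_DOWN, 1));
    printf("grows up,   buffer in innermost frame: %d\n", clobbered_return(GROWS_UP, 0));
    printf("grows up,   buffer one frame up:       %d\n", clobbered_return(GROWS_UP, 1));
    return 0;
}
```

In this model the downward-growing stack loses the buffer owner's own return address in both cases, while the upward-growing stack loses a return address only when a nested call's frame sits above the buffer, and then it is the callee's.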