SecurityAdvisory Title: Intego VirusBarrier X4 definition bypass exploit
Release Date: 2006 November 8
Affected Products: Intego VirusBarrier X4
Severity: Moderate
Where: Local System
Author: Kevin Finisterre
Fix: Bug Fixed Starting with 2006/11/01 Vdef files
Exploit: pwntego.tar.gz
Kevin Finisterre, a security researcher with digitalmunition.com has discovered and demonstrated a flaw in Intego VirusBarrier X4, an antivirus program for Macintosh computers. The “pwntego” exploit show how systems running Intego VirusBarrier X4 can lose their protection. Kevin discovered that the program suffered from a flaw related to the number of alerts it can process simultaneously.
Kevin saw that if an attacker is …
November 11, 2006 •
8 min read
SecurityRecently, Mac OS X has been known to be vulnerable to many new remote exploits.
Theses exploits are allowing to remotely execute code on your computer when you surf a webpage. Most of the people reading about theses vulnerabilities often missunderstand or apprehend the impact it can have, for a user.
While many people will use Paranoid Android, from Unsanity, and it does protects you well, many don’t even know about the vulnerability in the first place. Theses can lead to the total erasement of your personal data (by erasing /Users/you), to …
May 8, 2004 •
4 min read
SecurityNotes & Warnings
Ability
If FileVault is enabled on an account, access to that account’s Public folder and Sites folder will not be available to anyone else, regardless if the user is logged in or not. So, if that user wishes to serve a website out of the Sites folder in their home folder, activating FileVault is would not be a viable option for him or her.
Stability
There have been several reports of people losing data with FileVault and various related errata under Mac OS X v10.3.0, but the 10.3.1 update along with …
November 16, 2003 •
5 min read
SecurityMac OS X FileVault Security Advisory
Advisory Title: FileVault Leaves Unencrypted Home Data Behind
Release Date: 2003 November 6
Fix Date: Mac OS X 10.4 (May 2005)
Affected Product: Mac OS X 10.3 Build 7B85
Impact: Unencrypted Data Left Behind
Where: Local System
Author: CodeSamurai (codesamurai@mac.com)
Update (Mac OS X 10.4): With the release of Mac OS X 10.4 (Tiger), Apple has included a fix for this in the FileVault enabling process. When the user goes to enable FileVault on their user account in System Preferences, one of the sheets will now have a “Use secure erase” checkbox. …
November 6, 2003 •
3 min read
SecurityWhat is Crypt for Mac OS X?
Crypt is a native MacOSX application for encrypting and decrypting files with a password of your choice. The cipher used is Blowfish. Blowfish is currently the fastest mainstream block cipher and is used in OpenSSH.
There are so many uses for encryption from securing resumes, office documents to photos. Remember when you use encryption like this you must remember your password, writing it down on a sticky note defeats the purpose of security!
Usage
If you can understand the concept of drag and drop you will easily …
November 3, 2003 •
1 min read
SecurityAdvisory Title: USB Keyboard Init Crash -> Root Access
Release Date: 2003 October 31
Affected Products: Mac OS X 10.2.7 and prior (possibly 10.2.8)
Severity: Moderate
Impact: Root Access
Where: Local System
Author: Jason Storm (jms@lasergun.org)
VULNERABILITY
With access to a USB Keyboard connected to the computer running Mac OS X 10.2.7 and prior (and possibly 10.2.8) the user can hold down control-c during startup to be dropped to the administrative full controlling root shell prompt due to init crashing.
init will crash within three minutes into the booting process and will drop you into a root shell. With …
October 11, 2003 •
2 min read
SecurityAffected Product: Mac OS X 10.3 Build 7B85
Severity: Low
Impact: Security Bypass
Where: Local System
Author: CodeSamurai (codesamurai@mac.com)
VULNERABILITY
With access to the keyboard, an unauthorized user can access the currently active screen-locked user environment. However, there is only a relatively small opening in the period of time in which the keys events get through; completing complicated operations at the keyboard have shown to be highly tedious in actual practice thus far.
EXPLOIT
With the screen effect active, keys pressed before the authentication window appears will be sent to the general user environment.
PRACTICAL TESTS
Tested Examples:
An open word …
October 4, 2003 •
2 min read
SecuritySAINT, or Security Administrator’s Integrated Network Tool, is a vulnerability scanner that allows network administrators to scan their local area networks for security flaws. SAINT can then prepare reports detailing the extent and seriousness of these weaknesses, as well as providing links to fixes and recommended security procedures. While SAINT was originally developed for UNIX based systems, it has recently been ported to Mac OS X.
Installation
Installation of SAINT may be a rough task to those not familiar with UNIX. Users are expected to know how to use the terminal to …
September 2, 2003 •
3 min read
SecuritySecurity Issue: Mac OS X Screensaver Password Protection Bug
Systems Vulnerable: Mac OS X 10.2.6 and prior
Date Fixed: TBA
Apple’s Mac OS X screensaver apparently contains a buffer overflow vulnerability that causes the screensaver to dump not requiring the user to enter a legitimate username and password.
When enabling the password protection on the Mac OS X screensaver users are required to authenticate before leaving the screensaver to gain access to the desktop again. Delfim Machado notified Apple that he had learned of a bug that caused the screensaver to exit without properly …
July 7, 2003 •
1 min read
SecurityComputers running Mac OS X prior to 10.2.4 and unpatched contain a vulnerability that can be exploited to create files that can be run at elevated privileges because of the TruBlueEnvironment. Included is the security advisory covering the issue discovered by @Stake’s Dave.
For those unable to update they can change the permissions of the vulnerable files to the admin group.
sudo chown .admin /System/Library/CoreServices/Classic\ Startup.app/Contents/Resources/TruBlueEnvironment
sudo chmod 4750 /System/Library/CoreServices/Classic\ Startup.app/Contents/Resources/TruBlueEnvironment
Security Advisory
Advisory Name: TruBlueEnvironment Privilege Escalation Attack
Release Date: 02/14/2003
Application: TruBlueEnvironment
Platform: MacOS X (10.2.3 and below)
Severity: Local users can gain root privileges
Author: Dave G.
Vendor …
February 11, 2003 •
3 min read
SecurityInformation
LittleSecrets for Mac OS X gives the Macintosh users the ability to store notes in an encrypted format that can only be accessed with the password assigned to the file. Upon launching the encrypted file the user is instructed to enter the password, only upon proper authentication is access granted to the file.
Think of LittleSecret as a note management system that allows for you to sort and create new notes all manageable from the programs interface. The user is allowed to create folders and sub-folders to sort the information even …
January 10, 2003 •
2 min read
SecurityInformation
Tresor is a file encryption tool for the Macintosh. It is simple to use, fast, and offers very high cryptographic security. It is available in native versions for 68k Macs and PowerMacs as well as in a FAT version and requires MacOS 7.0 minimum. Tresor is shareware. The registration fee is 20 Euro.
Tresor encrypts any file using the IDEA block encryption algorithm. Encryption uses self-selected passwords. For decryption, the same password that was used for encryption will be needed again.
IDEA (International Data Encryption Algorithm) uses data blocks of 64 bits …
December 8, 2002 •
2 min read
SecurityKeys Off is now at version 1.3.2, now fully compatible with MacOS 9 and includes version 1.5 of the BlackWatch screen saver.
Information
Blue Globe Software has been producing high quality shareware since 1991, and they expect to continue this trend for a long time to come. They have updated and patched previous versions of Keys Off to keep it up to date. Their Software has many features you can not find anywhere else for a very low price.
DOWNLOAD Shareware Version
You can use Keys Off by Shareware, to download version 1.3.2 click …
November 11, 2002 •
3 min read
SecurityResolution
The issue described below was addressed and take resolved by Apple July 12th 2002 by adding checksums to downloads. Update to current version of Mac OS X via the software updates or visit AppleCare Document 75304
Information
Anonymous writes “I have recently been forwarded a mail from a reliable source which highlights a possible security issue with Software Update. I have not tested it myself, but both the source of the mail and the person who forwarded it are reliable and have always helped me to keep up to date with a …
July 6, 2002 •
2 min read
SecurityMAC OS X Security to the general Macintosh user has never been much of an issue. Turn it on, use it, turn it off when you’re done. And even if you’ve got a DSL or other dedicated line, warnings related to hack attempts on open and dedicated networks lines never seemed to instill fear in a Mac user. Sure there are products like Norton Personal Firewall or NetBarrier 2.0, but these are for professionals right? Well, not really. But the truth is, for the general Macintosh user, the chances of …
June 5, 2002 •
7 min read
SecurityAbout Cisco VPN Client
The Cisco VPN (Virtual Private Network) Client establishes an encrypted tunnel between a local system and a Cisco VPN Concentrator. The tunnel provides confidentiality and integrity for the data in transit, allowing a user on the local system to securely connect to a corporate network via a public, possibly untrusted network.
Information
Cisco’s VPN Client for Mac OS X, Linux and Solaris contains a security vulnerability which results in administrative privileges via a exploit. The Virtual Private Network (VPN) client allows for the Non-Windows platform to function over a …
June 4, 2002 •
4 min read
SecurityThis is one section of an overall document. The overall publication covers the setup of a Mac OS X Server. This part is being made public to help others secure their machines.
This document outlines some security measures for the Mac OS X Server 1.0 – 1.2 platform. While Mac OS X Server (OSXS) is a fairly secure environment out of the box, these basic measures help create a more secure computing environment. They should be taken by all personnel running a Mac OSXS on the WSU campus network.
The measures outlined …
June 2, 2002 •
11 min read
SecurityInformation
BugScan is a Macintosh Virus File Scanner which allows users to determine if they have AutoStart 9805 Worm and SevenDust virus files on their hard drives. BugScan will detect all files for all strains of the AutoStart 9805 Worm plus all strains of the SevenDust virus current at 06/14/99, a number of Trojan Horse files that are currently circulating in the Mac world as well as some of the most recent virus files common to the Windows platform.
Views
Nifty program to keep around. MacAddict, MacWorld, and MacPool gave them the vote.
June 1, 2002 •
1 min read
SecurityPublished: 5.07.2002
Fixed: Mac OS X 10.1.4
Effected OS:
Mac OS X 10.1.3 and prior)
Information
The problems lies within the file /usr/sbin/sliplogin (sliplogin) bundled with versions of Mac OS X prior to 10.1.4 due to the permissions defined and a buffer overflow. The system can be taken control of if a non-administrative user were to overflow the program giving them permissions as a root user. This issue has been taken care of in 10.1.4 system security update, if you have not yet updated do so now.
A unix styled exploit for the Macintosh! This is …
May 7, 2002 •
2 min read
SecurityToday it was discovered in Mac OS X 10.1.4 (Not tested with prior versions yet) with multiple users
I have stumbled across a rather large security hole when AppleSharing between a Mac OS 9.2.2 box and a Mac OS X box running v.10.1.4.
If a Mac OS X 10.1.4 box contains multiple user or administrator accounts, their home directories as well as access to some shared folders with permissions for only one specific account can be broken into via AppleShare.
The trick is simple. This can be done on any administrator account on …
May 4, 2002 •
2 min read