OSX/Jahlav-C is a variant of DNSChanger Trojan Horse

The trojan horse OSX/Jahlav-C recently reported in the news is in fact a variant of the already discovered DNSChanger Trojan Horse. Other variants and aliases include OSX.RSPlug, OSX/Puper and OSX/Jahlav.

This variant is already detected by SecureMac’s anti-spyware product MacScan as well as the free DNSChanger Trojan Horse Removal Tool. Learn more about avoiding the DNSChanger Trojan Horse, along with removal tips.

June 12, 2009 • 1 min read
Apple Acknowledges Malware

Apple has finally acknowledged that spyware and viruses are a threat for Mac OS X, as well as for the latest operating system in the works, Snow Leopard. Snow Leopard will add new technology, such as sandboxing and anti-phishing features in Safari, to help prevent attacks. This, however, is not a 100% solution to protect against malware.

June 10, 2009 • 3 min read
Apple Safari Vulnerability

Security Alert: Safari prior to version 4 (released June 8th, 2009) may permit malicious web pages to steal files from the local system simply by accessing a web page without further interaction. This vulnerability is present in both Mac OS X and Windows Safari. The attack is accomplished by mounting an XXE attack against the parsing of the XSL XML.

June 9, 2009 • 1 min read
Safari Vulnerability

SecureMac Advisory

Posted: June 9th, 2009

Security Risk: Critical

Safari prior to version 4 (released June 8th, 2009) may permit malicious web pages to steal files from the local system simply by accessing a web page without further interaction. This vulnerability is present in both Mac OS X and Windows Safari. The attack is accomplished by mounting an XXE attack against the parsing of the XSL XML.

Chris Evans has documented this vulnerability in his advisory on his website http://scary.beasts.org/security/CESA-2009-006.html

Safari 4 is now available for download for both Windows and Macintosh systems. Suggested to …

June 7, 2009 • 1 min read
Critical Mac OS X Java Vulnerability Proof of Concept

Today, Landon Fuller posted a proof-of-concept exploit for an unpatched vulnerability in the Java Runtime Environment currently in use by OS X. While this particular proof-of-concept is meant to be harmless, the vulnerability itself currently affects OS X, including OS X 10.5.7, the latest shipping version of OS X. This vulnerability could be exploited to perform “drive-by-downloads,” commonly used as a means to infect computers with spyware, or to run any arbitrary command with the permissions of the executing user. All a user has to do to be exploited is visit a web page hosting a malicious Java applet. Until Apple patches their implementation of Java, we recommend that users disable Java applets in their web browser.

May 19, 2009 • 2 min read
DNS Changer 2.0e Trojan Horse

SecureMac Advisory

Posted: March 17th, 2009

Security Risk: Critical

Just after the DNSChanger 2.0d variant was identified, another new variant of the DNSChanger Trojan Horse, DNSChanger 2.0e, has been discovered in the wild. The trojan horse arrives in a disk image (some samples are called serial_Avid.Xpress.Pro.5.7.2.dmg), and is again disguised as an installer for “MacCinema,” just like the 2.0d variant. Once installed, the trojan horse behaves in a similar manner to past variants.

This variant is being distributed on websites offering “cracked” or pirated copies of software, and is initially disguised as a serial …

March 2, 2009 • 3 min read
Intego Reports Malware in Pirated Copies of Photoshop CS 4

Pirated copies of Photoshop CS 4 have been reported by Intego to contain malware. On January 16th, a copy of Photoshop CS 4 containing the malware was seeded to peer-to-peer servers. This trojan has been labeled OSX.Trojan.iServices.B; it is the second variant of the trojan, the first having been discovered in pirated iWork 09 software. It is recommended not to download these files. Like its predecessor, this variant obtains root privileges and notifies the remote host of the infected computer’s location on the Internet.

January 26, 2009 • 1 min read
Security Alert: Trojan found in Pirated copies of Apple’s iWorks 09

Security Alert: A trojan is being distributed with pirated copies of Apple’s iWorks 09.

Pirated copies of iWorks 09 are being distributed with a trojan bundled in the installer package. Intego has released a warning recommending that users should not download iWorks 09 from pirate software sites.

The malicious software is installed in the startup items folder (/System/Library/StartupItems/iWorkServices), where it has full root privileges. Once installed, the trojan connects to a remote server, notifying it of the infected computer’s location on the net and awaiting further instruction including the ability …

January 22, 2009 • 1 min read
DNS Changer Trojan Horse – SecureMac Removal Instructions and Anniversary Followup

SecureMac Security Bulletin

Posted: December 17th, 2008

Security Risk: Critical

Halloween marked the one-year anniversary since the DNSChanger Trojan Horse was discovered in the wild, and in that time it has grown to become the single most widespread piece of malware on OS X. In order to promote safe web browsing, SecureMac has issued a bulletin on the DNSChanger Trojan Horse, with information on common symptoms of infection, ways to check for and remove the Trojan, and a list of safe practices when surfing the web.

Symptoms of Infection by DNSChanger Trojan Horse

    Website …

December 17, 2008 • 3 min read
SecureMac to exhibit at MacWorld San Francisco 2009

Las Vegas, Nevada – SecureMac.com, an information security company known for its cutting edge security solutions and security website for Apple Macintosh computers, is pleased to announce it will be attending MacWorld Expo at the Moscone Center in San Francisco from January 6-9, where it will be demonstrating the latest version of MacScan and answering security questions.

SecureMac will be showcasing its security software, as well as providing product discounts, booth raffles and security demonstrations at Booth 202 in the South Hall from January 6-9, at the Moscone Center, San Francisco.

Clients …

December 5, 2008 • 3 min read
AppleScript.THT Trojan Horse – Mac OS X

New OS X Trojan Horse in the Wild
SecureMac Security Advisory

Security Risk: Critical

SecureMac has discovered multiple variants of a new Trojan horse in the wild that affects Mac OS X 10.4 and 10.5. The Trojan horse is currently being distributed from a hacker website, where discussion has taken place on distributing the Trojan horse through iChat and Limewire. The source code for the Trojan horse has been distributed, indicating an increased probability of future variants of the Trojan horse.

The Trojan horse runs hidden on the system, and allows a malicious user …

June 7, 2008 • 3 min read
Intego Virus Barrier Virus Definition Bypass Exploit

Advisory Title: Intego VirusBarrier X4 definition bypass exploit
Release Date: 2006 November 8
Affected Products: Intego VirusBarrier X4
Severity: Moderate
Where: Local System
Author: Kevin Finisterre

Fix: Bug Fixed Starting with 2006/11/01 Vdef files
Exploit: pwntego.tar.gz

Kevin Finisterre, a security researcher with digitalmunition.com, has discovered and demonstrated a flaw in Intego VirusBarrier X4, an antivirus program for Macintosh computers. The “pwntego” exploit shows how systems running Intego VirusBarrier X4 can lose their protection. Kevin discovered that the program suffered from a flaw related to the number of alerts it can process simultaneously.

Kevin saw that if an attacker is …

November 11, 2006 • 8 min read
Mac OS X URI Handler Security Issues & Exploits

Recently, Mac OS X has been found to be vulnerable to many new remote exploits.

These exploits allow code to be executed remotely on your computer when you browse a webpage. Most people reading about these vulnerabilities misunderstand or misapprehend the impact they can have for a user.

While many people will use Paranoid Android, from Unsanity, and it does protect you well, many don’t even know about the vulnerability in the first place. These can lead to the total erasure of your personal data (by erasing /Users/you), to …

May 8, 2004 • 4 min read
Mac OS X FileVault Review – Encrypting files and folders

Notes & Warnings
Ability

If FileVault is enabled on an account, access to that account’s Public folder and Sites folder will not be available to anyone else, regardless of whether the user is logged in or not. So, if that user wishes to serve a website out of the Sites folder in their home folder, activating FileVault would not be a viable option for him or her.

Stability

There have been several reports of people losing data with FileVault and various related errata under Mac OS X v10.3.0, but the 10.3.1 update along with …

November 16, 2003 • 5 min read
Mac OS X Security Issue: FileVault Leaves Unencrypted Data Behind

Mac OS X FileVault Security Advisory
Advisory Title: FileVault Leaves Unencrypted Home Data Behind
Release Date: 2003 November 6
Fix Date: Mac OS X 10.4 (May 2005)
Affected Product: Mac OS X 10.3 Build 7B85
Impact: Unencrypted Data Left Behind
Where: Local System
Author: CodeSamurai (codesamurai@mac.com)

Update (Mac OS X 10.4): With the release of Mac OS X 10.4 (Tiger), Apple has included a fix for this in the FileVault enabling process. When the user goes to enable FileVault on their user account in System Preferences, one of the sheets will now have a “Use secure erase” checkbox. …

November 6, 2003 • 3 min read
Crypt for Mac OS X – Encrypting and Decrypting Files with a Password of your choice.

What is Crypt for Mac OS X?

Crypt is a native Mac OS X application for encrypting and decrypting files with a password of your choice. The cipher used is Blowfish. Blowfish is currently the fastest mainstream block cipher and is used in OpenSSH.

There are many uses for encryption, from securing resumes and office documents to photos. When you use encryption like this you must remember your password; writing it down on a sticky note defeats the purpose of security!

Usage

If you can understand the concept of drag and drop you will easily …

November 3, 2003 • 1 min read
Mac OS X Security Issue – USB Keyboard Root Access – Mac OS X 10.2.7 and Prior

Advisory Title: USB Keyboard Init Crash -> Root Access
Release Date: 2003 October 31
Affected Products: Mac OS X 10.2.7 and prior (possibly 10.2.8)
Severity: Moderate
Impact: Root Access
Where: Local System
Author: Jason Storm (jms@lasergun.org)

VULNERABILITY

With access to a USB keyboard connected to a computer running Mac OS X 10.2.7 and prior (and possibly 10.2.8), the user can hold down control-c during startup and be dropped to a root shell prompt with full administrative control, due to init crashing.

init will crash within three minutes into the boot process and will drop you into a root shell. With …

October 11, 2003 • 2 min read