SecureMac Security Bulletin Posted: December 17th, 2008 Security Risk: Critical Halloween marked the one-year anniversary since the DNSChanger Trojan Horse was discovered in the wild, and in that time it has grown to become the single most widespread piece of malware on OS X. In…
December 17, 2008 • 3 min readLas Vegas, Nevada – SecureMac.com, an information security company known for its cutting edge security solutions and security website for Apple Macintosh computers, is pleased to announce it will be attending MacWorld Expo at the Moscone Center in San Fransisco from January 6-9, where it…
December 5, 2008 • 3 min readNew OS X Trojan Horse in the WildSecureMac Security Advisory Security Risk: Critical SecureMac has discovered multiple variants of a new Trojan horse in the wild that affects Mac OS X 10.4 and 10.5. The Trojan horse is currently being distributed from a hacker website,…
June 7, 2008 • 3 min readAdvisory Title: Intego VirusBarrier X4 definition bypass exploit Release Date: 2006 November 8 Affected Products: Intego VirusBarrier X4 Severity: Moderate Where: Local System Author: Kevin Finisterre Fix: Bug Fixed Starting with 2006/11/01 Vdef files Exploit: pwntego.tar.gz Kevin Finisterre, a security researcher with digitalmunition.com has discovered…
November 11, 2006 • 8 min readRecently, Mac OS X has been known to be vulnerable to many new remote exploits. Theses exploits are allowing to remotely execute code on your computer when you surf a webpage. Most of the people reading about theses vulnerabilities often missunderstand or apprehend the impact…
May 8, 2004 • 4 min readNotes & Warnings Ability If FileVault is enabled on an account, access to that account’s Public folder and Sites folder will not be available to anyone else, regardless if the user is logged in or not. So, if that user wishes to serve a website…
November 16, 2003 • 5 min readMac OS X FileVault Security Advisory Advisory Title: FileVault Leaves Unencrypted Home Data Behind Release Date: 2003 November 6 Fix Date: Mac OS X 10.4 (May 2005) Affected Product: Mac OS X 10.3 Build 7B85 Impact: Unencrypted Data Left Behind Where: Local System Author: CodeSamurai…
November 6, 2003 • 3 min readWhat is Crypt for Mac OS X? Crypt is a native MacOSX application for encrypting and decrypting files with a password of your choice. The cipher used is Blowfish. Blowfish is currently the fastest mainstream block cipher and is used in OpenSSH. There are so…
November 3, 2003 • 1 min readAdvisory Title: USB Keyboard Init Crash -> Root Access Release Date: 2003 October 31 Affected Products: Mac OS X 10.2.7 and prior (possibly 10.2.8) Severity: Moderate Impact: Root Access Where: Local System Author: Jason Storm (jms@lasergun.org) VULNERABILITY With access to a USB Keyboard connected to…
October 11, 2003 • 2 min readAffected Product: Mac OS X 10.3 Build 7B85 Severity: Low Impact: Security Bypass Where: Local System Author: CodeSamurai (codesamurai@mac.com) VULNERABILITY With access to the keyboard, an unauthorized user can access the currently active screen-locked user environment. However, there is only a relatively small opening in…
October 4, 2003 • 2 min readSAINT, or Security Administrator’s Integrated Network Tool, is a vulnerability scanner that allows network administrators to scan their local area networks for security flaws. SAINT can then prepare reports detailing the extent and seriousness of these weaknesses, as well as providing links to fixes and…
September 2, 2003 • 3 min readSecurity Issue: Mac OS X Screensaver Password Protection Bug Systems Vulnerable: Mac OS X 10.2.6 and prior Date Fixed: TBA Apple’s Mac OS X screensaver apparently contains a buffer overflow vulnerability that causes the screensaver to dump not requiring the user to enter a legitimate…
July 7, 2003 • 1 min readComputers running Mac OS X prior to 10.2.4 and unpatched contain a vulnerability that can be exploited to create files that can be run at elevated privileges because of the TruBlueEnvironment. Included is the security advisory covering the issue discovered by @Stake’s Dave. For those…
February 11, 2003 • 3 min readInformation LittleSecrets for Mac OS X gives the Macintosh users the ability to store notes in an encrypted format that can only be accessed with the password assigned to the file. Upon launching the encrypted file the user is instructed to enter the password, only…
January 10, 2003 • 2 min readInformation Tresor is a file encryption tool for the Macintosh. It is simple to use, fast, and offers very high cryptographic security. It is available in native versions for 68k Macs and PowerMacs as well as in a FAT version and requires MacOS 7.0 minimum….
December 8, 2002 • 2 min readKeys Off is now at version 1.3.2, now fully compatible with MacOS 9 and includes version 1.5 of the BlackWatch screen saver. Information Blue Globe Software has been producing high quality shareware since 1991, and they expect to continue this trend for a long time…
November 11, 2002 • 3 min readResolution The issue described below was addressed and take resolved by Apple July 12th 2002 by adding checksums to downloads. Update to current version of Mac OS X via the software updates or visit AppleCare Document 75304 Information Anonymous writes “I have recently been forwarded…
July 6, 2002 • 2 min readMAC OS X Security to the general Macintosh user has never been much of an issue. Turn it on, use it, turn it off when you’re done. And even if you’ve got a DSL or other dedicated line, warnings related to hack attempts on open…
June 5, 2002 • 7 min readAbout Cisco VPN Client The Cisco VPN (Virtual Private Network) Client establishes an encrypted tunnel between a local system and a Cisco VPN Concentrator. The tunnel provides confidentiality and integrity for the data in transit, allowing a user on the local system to securely connect…
June 4, 2002 • 4 min readThis is one section of an overall document. The overall publication covers the setup of a Mac OS X Server. This part is being made public to help others secure their machines. This document outlines some security measures for the Mac OS X Server 1.0…
June 2, 2002 • 11 min read