Apple has released iPhone 3.0 OS now available for installation. Users who are able to upgrade their operating system for their iphones are suggested to do so as it addresses about 40 security issues. To download and install the latest version simply connect your iPhone…
June 17, 2009 • 1 min readToday Apple released Java for Mac OS X 10.5 Update 4, which is an update that appears to correct the Java vulnerability reported by SecureMac last month. The update requires OS X 10.5.7 or higher. More information can be found at: http://support.apple.com/kb/HT3581.
June 15, 2009 • 1 min readThe trojan horse OSX/Jahlav-C recently reported in the news is in fact a variant of the already discovered DNSChanger Trojan Horse. Other variant and aliases include OSX.RSPlug, OSX/Puper and OSX/Jahlav. This variant is already detected by SecureMac’s Anti-Spyware product MacScan as well as the free…
June 12, 2009 • 1 min readApple has finally acknowledged that spyware and viruses are a threat for Mac OS X, as well as the latest operating system in the works, Snow Leopard. Snow Leopard will be adding new technology to help prevent against attacks such as sandboxing and anti-phishing features in Safari. This, however, is not a 100% solution to protect against malware.
June 10, 2009 • 3 min readSecurity Alert: Safari prior to version 4 (released June 8th, 2009) may permit malicious web pages to steal files from the local system simply by accessing a web page without further interaction. This vulnerability is present in both Mac OS X and Windows Safari. The attack is accomplished by mounting an XXE attack against the parsing of the XSL XML.
June 9, 2009 • 1 min readSecureMac Advisory Posted: June 9th, 2009 Security Risk: Critical Safari prior to version 4 (released June 8th, 2009) may permit malicious web pages to steal files from the local system simply by accessing a web page without further interaction. This vulnerability is present in both…
June 7, 2009 • 1 min readToday, Landon Fuller posted a proof-of-concept exploit for an unpatched vulnerability in the Java Runtime Environment currently in use by OS X. While this particular proof-of-concept is meant to be harmless, the vulnerability itself currently affects OS X, including OS X 10.5.7, the latest shipping version of OS X. This vulnerability could be exploited to perform “drive-by-downloads” commonly used as a means to infect computers with spyware, or any arbitrary command with the permissions of the executing user. All a user has to do is visit a web page hosting a malicious java applet to be exploited. Until Apple patches their implementation of Java, we recommend that users disable Java applets in their web browser.
May 19, 2009 • 2 min readPosted: April 17th, 2009 The iServices Trojan Horse botnet first reported by SecureMac back in January has been activated. Users who have been infected are encouraged to download the iServices Trojan Horse Removal Tool, available for free at https://www.securemac.com/files/iServicesTrojanRemovalTool.dmg Read more about the botnet at…
April 17, 2009 • 1 min readSecureMac Advisory Posted: March 17th, 2009 Security Risk: Critical Just after the DNSChanger 2.0d variant was identified, another new variant of the DNSChanger Trojan Horse, DNSChanger 2.0e, has been discovered in the wild. The trojan horse arrives in a disk image (some samples are called…
March 2, 2009 • 3 min readPirated copies of Photoshop CS 4 has been reported by Intego to contain malware. On January 16th Photoshop CS 4 containing the malware was seeded to peer-2-peer servers. This trojan have been labeled as OSX.Trojan.iServices.B, the second variant of the trojan, the first discovered in…
January 26, 2009 • 1 min readSecureMac has released a free tool to remove the iWorkServices Trojan Horse called iWorkServices Trojan Removal Tool. The trojan as reported by Intego (1/22/09) has been bundled with pirated copies of iWork 09.
January 23, 2009 • 1 min readSecurity Alert: A trojan is being distributed with pirated copies of Apple’s iWorks 09. Pirated copies of iWorks 09 are being distributed with a trojan bundled in the installer package. Intego has released a warning recommending that users should not download iWorks 09 from pirate…
January 22, 2009 • 1 min readSecureMac Security Bulletin Posted: December 17th, 2008 Security Risk: Critical Halloween marked the one-year anniversary since the DNSChanger Trojan Horse was discovered in the wild, and in that time it has grown to become the single most widespread piece of malware on OS X. In…
December 17, 2008 • 3 min readLas Vegas, Nevada – SecureMac.com, an information security company known for its cutting edge security solutions and security website for Apple Macintosh computers, is pleased to announce it will be attending MacWorld Expo at the Moscone Center in San Fransisco from January 6-9, where it…
December 5, 2008 • 3 min readNew OS X Trojan Horse in the WildSecureMac Security Advisory Security Risk: Critical SecureMac has discovered multiple variants of a new Trojan horse in the wild that affects Mac OS X 10.4 and 10.5. The Trojan horse is currently being distributed from a hacker website,…
June 7, 2008 • 3 min readAdvisory Title: Intego VirusBarrier X4 definition bypass exploit Release Date: 2006 November 8 Affected Products: Intego VirusBarrier X4 Severity: Moderate Where: Local System Author: Kevin Finisterre Fix: Bug Fixed Starting with 2006/11/01 Vdef files Exploit: pwntego.tar.gz Kevin Finisterre, a security researcher with digitalmunition.com has discovered…
November 11, 2006 • 8 min readRecently, Mac OS X has been known to be vulnerable to many new remote exploits. Theses exploits are allowing to remotely execute code on your computer when you surf a webpage. Most of the people reading about theses vulnerabilities often missunderstand or apprehend the impact…
May 8, 2004 • 4 min readNotes & Warnings Ability If FileVault is enabled on an account, access to that account’s Public folder and Sites folder will not be available to anyone else, regardless if the user is logged in or not. So, if that user wishes to serve a website…
November 16, 2003 • 5 min readMac OS X FileVault Security Advisory Advisory Title: FileVault Leaves Unencrypted Home Data Behind Release Date: 2003 November 6 Fix Date: Mac OS X 10.4 (May 2005) Affected Product: Mac OS X 10.3 Build 7B85 Impact: Unencrypted Data Left Behind Where: Local System Author: CodeSamurai…
November 6, 2003 • 3 min readWhat is Crypt for Mac OS X? Crypt is a native MacOSX application for encrypting and decrypting files with a password of your choice. The cipher used is Blowfish. Blowfish is currently the fastest mainstream block cipher and is used in OpenSSH. There are so…
November 3, 2003 • 1 min read