Advisory Title: USB Keyboard Init Crash -> Root Access Release Date: 2003 October 31 Affected Products: Mac OS X 10.2.7 and prior (possibly 10.2.8) Severity: Moderate Impact: Root Access Where: Local System Author: Jason Storm (jms@lasergun.org) VULNERABILITY With access to a USB Keyboard connected to…
October 11, 2003 • 2 min readAffected Product: Mac OS X 10.3 Build 7B85 Severity: Low Impact: Security Bypass Where: Local System Author: CodeSamurai (codesamurai@mac.com) VULNERABILITY With access to the keyboard, an unauthorized user can access the currently active screen-locked user environment. However, there is only a relatively small opening in…
October 4, 2003 • 2 min readSAINT, or Security Administrator’s Integrated Network Tool, is a vulnerability scanner that allows network administrators to scan their local area networks for security flaws. SAINT can then prepare reports detailing the extent and seriousness of these weaknesses, as well as providing links to fixes and…
September 2, 2003 • 3 min readSecurity Issue: Mac OS X Screensaver Password Protection Bug Systems Vulnerable: Mac OS X 10.2.6 and prior Date Fixed: TBA Apple’s Mac OS X screensaver apparently contains a buffer overflow vulnerability that causes the screensaver to dump not requiring the user to enter a legitimate…
July 7, 2003 • 1 min readComputers running Mac OS X prior to 10.2.4 and unpatched contain a vulnerability that can be exploited to create files that can be run at elevated privileges because of the TruBlueEnvironment. Included is the security advisory covering the issue discovered by @Stake’s Dave. For those…
February 11, 2003 • 3 min readInformation LittleSecrets for Mac OS X gives the Macintosh users the ability to store notes in an encrypted format that can only be accessed with the password assigned to the file. Upon launching the encrypted file the user is instructed to enter the password, only…
January 10, 2003 • 2 min readInformation Tresor is a file encryption tool for the Macintosh. It is simple to use, fast, and offers very high cryptographic security. It is available in native versions for 68k Macs and PowerMacs as well as in a FAT version and requires MacOS 7.0 minimum….
December 8, 2002 • 2 min readKeys Off is now at version 1.3.2, now fully compatible with MacOS 9 and includes version 1.5 of the BlackWatch screen saver. Information Blue Globe Software has been producing high quality shareware since 1991, and they expect to continue this trend for a long time…
November 11, 2002 • 3 min readResolution The issue described below was addressed and take resolved by Apple July 12th 2002 by adding checksums to downloads. Update to current version of Mac OS X via the software updates or visit AppleCare Document 75304 Information Anonymous writes “I have recently been forwarded…
July 6, 2002 • 2 min readMAC OS X Security to the general Macintosh user has never been much of an issue. Turn it on, use it, turn it off when you’re done. And even if you’ve got a DSL or other dedicated line, warnings related to hack attempts on open…
June 5, 2002 • 7 min readAbout Cisco VPN Client The Cisco VPN (Virtual Private Network) Client establishes an encrypted tunnel between a local system and a Cisco VPN Concentrator. The tunnel provides confidentiality and integrity for the data in transit, allowing a user on the local system to securely connect…
June 4, 2002 • 4 min readThis is one section of an overall document. The overall publication covers the setup of a Mac OS X Server. This part is being made public to help others secure their machines. This document outlines some security measures for the Mac OS X Server 1.0…
June 2, 2002 • 11 min readInformation BugScan is a Macintosh Virus File Scanner which allows users to determine if they have AutoStart 9805 Worm and SevenDust virus files on their hard drives. BugScan will detect all files for all strains of the AutoStart 9805 Worm plus all strains of the…
June 1, 2002 • 1 min readPublished: 5.07.2002 Fixed: Mac OS X 10.1.4 Effected OS: Mac OS X 10.1.3 and prior) Information The problems lies within the file /usr/sbin/sliplogin (sliplogin) bundled with versions of Mac OS X prior to 10.1.4 due to the permissions defined and a buffer overflow. The system…
May 7, 2002 • 2 min readToday it was discovered in Mac OS X 10.1.4 (Not tested with prior versions yet) with multiple users I have stumbled across a rather large security hole when AppleSharing between a Mac OS 9.2.2 box and a Mac OS X box running v.10.1.4. If a…
May 4, 2002 • 2 min readInformation SubRosa Vol 1-File Utilities is SubRosaSoft.com Ltd’s first line of privacy products which help Macintosh users secure themselves and their personal data. The suite of software to protect your files consist of the following; file and folder encryption, multi-pass shredder, and free decryptor. Each…
May 1, 2002 • 4 min readFixes To fix Internet Explorer: This is done by updating through the Software Update Pane/Control Panel. Patch Microsoft Office Products: Patch is Here More Information:Security Alert Vulnerability: Run code attacker wants. Severity Level: Microsoft suggests Critical Affected Software: Microsoft Internet Explorer 5.1 for Macintosh…
April 9, 2002 • 4 min readMac OS X is UNIX at the core this is very true as described in Apple’s print advertisement, besides sending all others to /dev/null this OS is also open to all the security issues behind the UNIX environment. Many features that are offered in the…
April 6, 2002 • 6 min readMacs are Vulnerable, too Due to the potential vulnerabilities of Mac OS X, Macintosh computer systems are more susceptible to security breaches and threats than ever before. Many Mac users falsely believe that they are immune to virus and hacker attacks. It’s true that Macs…
April 6, 2002 • 5 min readThe folks at BSD-H have found a flaw that offers anyone in the admin group the ability to achieve root access via sudo. For those of you new to Mac OS X and the whole Unix environment do not get frustrated, this article will enlighten…
February 7, 2002 • 4 min read