Apple secretly updates Mac malware protection

June 20, 2010 by admin  
Filed under Security News

Apple’s 10.6.4 operating system upgrade earlier this week silently updated the malware protection built into Mac OS X to protect against a backdoor Trojan horse that can allow hackers to gain remote control over your treasured iMac or MacBook.

 

Although there is no mention of it that we could find in Apple’s release notes for Mac OS X 10.6.4, or the accompanying security bulletin, Apple has updated XProtect.plist – the rudimentary file that contains elementary signatures of a handful of Mac threats – to detect what they call HellRTS.

 


HellRTS, which Sophos products have been detecting as OSX/Pinhead-B since April, has been distributed by malicious hackers disguised as iPhoto, the photo application which ships on modern Mac computers.

 

If you did get infected by this malware then hackers would be able to send spam email from your Mac, take screenshots of what you are doing, access your files and clipboard and much more.

 

Unfortunately, many Mac users seem oblivious to security threats which can run on their computers. And that isn’t helped when Apple issues an anti-malware security update like this by stealth, rather than informing the public what it has done. You have to wonder whether their keeping quiet about an anti-malware security update like this was for marketing reasons. “Shh! Don’t tell folks that we have to protect against malware on Mac OS X!”

 

It seems their own employees can be amongst the worst offenders when it comes to giving users security advice. Just a few days ago I saw a former colleague of mine tweet about the poor advice about malware protection being offered in Apple retail stores.

 

READ MORE…

 

A swarm of Safari security holes: Mac and Windows users told to update

June 9, 2010 by admin  
Filed under Security News

Whether you own a Windows or Mac OS X computer, if you’re a user of Apple’s Safari browser, it’s time to update your computer against a swarm of security vulnerabilities.

 

With the attention of most Apple devotees diverted this week towards the sleek new iPhone 4, some may have missed that the Cupertino-based company has also issued a brand new version of its web browser, Safari.

 

Most interesting to us, however, is the news that Safari 5.0 not only includes new functionality, but also plugs at least 48 different security vulnerabilities that (if left unpatched) could be exploited by hackers.

 

Mac OS X version 10.4 users (which Safari 5 doesn’t support) aren’t left in the lurch either. Apple has issued Safari version 4.1 for those customers, which addresses the same set of security issues.

 

Read More…

 

Apple Safari zero-day exploit revealed

May 11, 2010 by admin  
Filed under Security News

 

 


Apple’s Safari browser contains a critical, unpatched bug that attackers can use to infect Windows PCs with malicious code, researchers at US-CERT and other security firms said today.

 

Hackers could compromise PCs with simple “drive-by” attack tactics, researchers added.

 

The vulnerability, first reported by Danish vulnerability tracker Secunia and confirmed by the United States Computer Emergency Readiness Team (US-CERT), was disclosed by Polish researcher Krystian Kloskowski on Friday. The bug is caused by an error in the handling of the browser’s parent windows.

 


 

“This can be exploited to execute arbitrary code when a user visits a specially-crafted web page and closes opened pop-up windows,” said Secunia’s alert.

 

The vulnerability can also be exploited by attackers who dupe users into opening rigged HTML-based e-mail within Safari, added US-CERT in its advisory. That scenario likely would involve tricking users into opening malicious messages in a Web mail service, such as Gmail or Windows Live Hotmail.

 

Both Secunia and US-CERT confirmed today that the proof-of-concept attack code published by Kloskowski successfully compromises the Windows version of Safari 4.0.5, the most up-to-date edition. Secunia rated the vulnerability as “highly critical,” the second-most-dangerous ranking in its five-step threat scoring system.

 

It’s not known whether the vulnerability also exists in the much more widely used Mac OS X version of Apple’s software. “Other versions may also be affected,” cautioned US-CERT.

 

Charlie Miller, the noted vulnerability researcher who won $10,000 by hacking a Mac in March at the Pwn2Own contest, was out of his office and not able to verify that the bug also exists in Safari on Mac OS X.

 

US-CERT urged users of the Windows version of Safari to disable JavaScript as a temporary defense.

 

Apple last patched Safari in mid-March when it fixed 16 flaws, including six that applied only to the Windows version of the browser. It’s not unusual for Apple to patch Windows-only vulnerabilities when it updates Safari.

 

Apple patched Miller’s $10,000 vulnerability in mid-April by plugging a hole in ATS (Apple Type Services), a font renderer included with Mac OS X. Miller accessed the ATS bug via Safari during Pwn2Own.

 

 

By Gregg Keizer, techworld.com


Windows and Mac users urged to update Safari

March 12, 2010 by admin  
Filed under Security News

Apple has released version 4.0.5 of its Safari browser, fixing a number of issues with its browser for Windows and Mac OS X including – most importantly – a grand total of 16 security vulnerabilities.

 

If you dilly-dally over updating your computer, it’s possible that hackers could exploit the security bugs – including some that could mean that simply visiting a webpage with a maliciously crafted image could lead to malicious code being automatically run on your computer.

 

Interestingly, one of the bugs (CVE-2009-2285) fixed in Safari 4.0.5 was announced and patched in Mac OS X 10.6.2 back in December 2009, and in Mac OS X 10.5 since January, meaning that Windows users of Safari have been vulnerable for over two months to the way their browser handles booby-trapped TIFF images.

 

But it doesn’t matter whether you own a Mac or PC: if you run Safari, the message is clear. It’s time to update your browser and ensure that you are protected against hackers exploiting the security holes detailed in the security advisory on Apple’s website.

 

Safari users should practise safe computing, and update their systems as soon as possible.

 

By Graham Cluley, Sophos

 

 

Foxit PDF reader for Mac? Or malware?

August 26, 2009 by admin  
Filed under Security News


Foxit Reader is a popular alternative to Adobe’s PDF reading utilities, allowing Windows users the ability to view Adobe Acrobat files without some of the extra baggage that Adobe’s own solutions carry with them.


However, Foxit Reader is not yet officially available for Apple Macs, although the developer’s support forums have plenty of evidence that Mac users are hungry for a version for Mac OS X.


And it is these impatient users, perhaps, who are most at risk from hackers who have adopted the disguise of a version of Foxit Reader for Mac in their latest escapades.


According to a press release from the Foxit Corporation, hackers have disguised versions of the Jahlav Trojan horse as a pirated version of Foxit Reader for Mac.


Any user foolish enough to download a version of “Foxit Reader for Mac” from a source other than the official Foxit website at www.foxitsoftware.com is, therefore, risking infecting their iMac or MacBook.


Foxit’s press release quotes George Gao, their VP of Sales and Marketing, as saying “While imitation may be the sincerest form of flattery, we are not happy about the recent malware attacks masquerading as our Foxit Reader. Foxit has always strived to insure that our solutions are secure for our users, and remains committed to address any Foxit product security issue in a professional and timely manner.”


This entry was posted on Tuesday, August 25th, 2009 at 10:39 pm and is filed under Apple, Malware.

by Graham Cluley, Sophos