GreenPois0n Absinthe 2.0 jailbreak for iOS 5.1.1 goes live, allows for untethered jailbreaking

Posted by:
Date: Friday, May 25th, 2012, 06:10
Category: Hack, iOS, iPad, iPhone, iPod, security

Per Boy Genius Report, the GreenPois0n Absinthe 2.0 jailbreak for iOS 5.1.1 has been released.

Absinthe works on A4-powered devices and on A5 ones, such as the iPhone 4S and new iPad. It won’t work on the iPad 2, however. The JailbreakUntethered site explains how to get this going on your device.

If you’ve tried the jailbreak and have any feedback, please let us know in the comments.

Apple releases Flashback removal tool for Mac OS X 10.5.x operating systems

Posted by:
Date: Tuesday, May 15th, 2012, 05:21
Category: News, security, Software

If you’ve yet to upgrade to Mac OS X 10.6 or Mac OS X 10.7, there’s some good news.

Per Macworld, Apple on Monday released a pair of security updates for the older operating system: Leopard Security Update 2012-003 and Flashback Removal Security Update.

The Leopard Security Update disables older versions of Adobe Flash Player that don’t contain the latest security updates, prompting you to upgrade instead. That mirrors an update Apple offered for Safari on Snow Leopard and Lion last week.

The Flashback Removal Security Update finds and removes the most common variants of that malware; the updater may need to restart your Mac to complete the removal of any malware.

Both updates are available directly from Apple’s website or via Mac OS X’s Software Update feature and require Mac OS X 10.5.8 to install and run.

If you’ve tried the updates/malware removal tools and have any feedback to offer, please let us know in the comments.

Kaspersky Lab to help advise Apple on Mac OS X security

Posted by:
Date: Monday, May 14th, 2012, 10:08
Category: News, security, Software

It never hurts to ask for a helping hand.

Per computing.co.uk, Apple has invited Kaspersky Lab to consult on potential OS X security issues in the aftermath of the largest malware outbreak on the platform.

Kaspersky has begun analyzing the OS X platform at Apple’s request, the company’s chief technology officer, Nikolai Grebennikov, said in an interview with Computing. The Kaspersky executive has publicly called Apple out for not taking security seriously enough.

“Mac OS is really vulnerable, and Apple recently invited us to improve its security,” Grebennikov said. “We’ve begun an analysis of its vulnerabilities, and the malware targeting it.”

As one specific security issue with OS X, he noted that Apple has blocked Oracle from directly updating Java on the Mac. Instead, Apple handles the updates, and they typically arrive months after Oracle issues its own patches.

Mac-centric Java development is set to move to Oracle following the latest runtime updates built in-house at Apple. Apple dropped Java from the default installation of OS X 10.7 Lion after the company announced its plans to deprecate the software’s release from the Mac platform.

In April, Oracle released its first Java Development Kit and JavaFX Software Development Kit for Mac users. They arrived one and a half years after Apple announced the deprecation of its own edition of Java for Mac.

Kaspersky’s newfound partnership with Apple comes on the heels of the Flashback malware botnet, which was believed to have infected hundreds of thousands of Macs at its peak. The presence of Flashback was greatly diminished after Apple released a series of software updates to squash the malware, including a Java update and a separate removal tool.

Grebennikov cited the Flashback malware as “a huge sign that Apple’s security model isn’t perfect.” He also predicted that the first malware targeting Apple’s iOS mobile operating system, which powers the iPhone and iPad, will arrive in the next “year or so.”

Stay tuned for additional details as they become available.

Safari 5.1.7 nixes outdated Flash versions, focuses on security-based issues

Posted by:
Date: Thursday, May 10th, 2012, 06:32
Category: News, security, Software

When in doubt, go with the update.

Per AppleInsider, Apple on Wednesday released an update to its Safari web browser that automatically disables old versions of Adobe’s Flash Player, as they don’t have the most up-to-date security features.

After pushing out OS X Lion 10.7.4 which included Safari version 5.1.6, Apple rolled out a separate update for the browser that can be downloaded by Mac OS X 10.7.3, Mac OS X 10.7.4 and Windows users.

According to the Safari 5.1.7 support page, the update is meant to disable older versions of Flash that pose a security risk as they lack the latest vulnerability patches.

Safari 5.1.7 will scan a Mac’s Flash assets for out-of-date software, disable it if found and inform the user via a dialog box. A link to Adobe’s website is integrated into the dialog so that users can easily locate and install the most current Flash Player.

If users need to roll back to a previous version of Flash, they must navigate to the “/Library/Internet Plug-Ins (Disabled)” folder on their Mac, drag “Flash Player.plugin” into the active “/Library/Internet Plug-Ins” folder and restart the browser.

Apple has become increasingly leery about third-party applications, perhaps due to the recent Flashback malware debacle that affected more than 600,000 Macs worldwide. One of the trojan’s first iterations was discovered in 2011 when it disguised itself as a Flash Installer, though the exploit had nothing to do with Adobe’s software.

Most recently, Apple released a Java update to cope with Flashback and even created a dedicated removal tool for those Mac owners who didn’t already have Java installed on their computers.

The Safari update comes in as a 44.98MB download and can be acquired via Mac OS X’s Software Update feature.

Stay tuned for additional details as they become available.

Apple releases Security Update 2012-002 for Mac OS X 10.6 operating systems

Posted by:
Date: Thursday, May 10th, 2012, 06:23
Category: News, security, Software

Amidst yesterday’s update-o-rama, the Mac OS X 10.6 side of things received some attention as well.

On Wednesday, Apple released Security Update 2012-002, a patch designed to take care of the security details highlighted here.

The update, which is designed for both Mac OS X 10.6 Client and Mac OS X 10.6 Server, weighs in as a 239 megabyte download and can also be located and installed via Mac OS X’s Software Update feature.

Security Update 2012-002 requires Mac OS X 10.6.8 or later to install and run.

Security companies estimate that Flashback infection rate is remaining steady, advise users to run update/malware removal tools

Posted by:
Date: Wednesday, May 9th, 2012, 06:18
Category: News, security, Software

Ok, guys, it’s time to update your Mac and help bring down the Flashback trojan malware infection rate.

Per CNET, data from efforts to estimate how many Macs remain infected with the Flashback malware suggest that, despite early reports of malware levels sinking rapidly thanks to efforts by Apple, news organizations, and anti-malware companies, the level of infections appears to be remaining constant.

The spread of the Flashback malware was facilitated by a neglected security hole in Apple’s Java runtime for OS X, and at its peak the malware had infected around one percent of Mac systems. To tackle the spread, news organizations initially covered methods for manually removing the malware, followed by security companies issuing malware removal tools to facilitate this process. Apple then released a series of Java updates to close the vulnerability and also scan for and remove known instances of the malware.

During the time of these infections, security companies set up sinkhole servers and other techniques to monitor the network traffic from the Flashback infections, and determine how many unique computers had been infected with the malware. Following the peak of the malware infection on August 6, initial reports from the anti-malware efforts suggested the infection rates had dropped significantly, with the number of infected Macs decreasing to a reported low of 30,000 in 10 days. However, despite these claims the malware has remained active, and adjustments have had to be made to these numbers.

Following the reports of success at tackling the malware, security company Dr. Web revealed errors in the malware estimation calculations and suggested that the number of infected systems was in fact much higher. Security companies followed this news with more conservative estimates that suggested a shallower fall in the malware, to an estimated 140,000 systems in late April.

Despite the higher numbers, the number of malware infections did fall from its peak. While some had hoped the number would fall far lower, the malware appears to have settled at a revolving infection rate of just over 100,000 Mac systems. In a new report, Intego claims that in the past week it has observed the following numbers from its sinkhole operation:

04/30/2012 – 102,769 infected Macs

05/01/2012 – 96,948 infected Macs

05/02/2012 – 103,779 infected Macs

05/03/2012 – 121,826 infected Macs

05/04/2012 – 102,375 infected Macs

05/05/2012 – 118,593 infected Macs

05/06/2012 – 113,909 infected Macs

Intego notes that these numbers are only the active infections it monitors on a day-to-day basis, and are not the total number of Macs infected. The malware is only active when a user logs in, which suggests that the day-to-day difference reflects a steady-state variance in when people are using their Macs, which will revolve as Macs are used more in some parts of the world than in others. Therefore the total number of infected systems will likely be much higher, at around the 140,000 of previous recent estimates.

Intego has further noted that despite the initial impact of community efforts on the malware’s activity, the numbers appear to no longer be declining and show indications that they may even be increasing. Intego speculates the reason for this is that a small percentage of users have not made any effort to update their systems, but it may be more than just updating. Apple has only offered updates and malware removal options for OS X 10.6 and above (its supported versions). However, this malware will infect systems with older versions of OS X, so even if the older versions have been kept up to date, they will be left vulnerable without Apple issuing a proper Java fix. Not only can they still contain the malware, but they also will be subject to new infections by any of its variants.

In short, if you have a Mac running Mac OS X 10.6 or later, please install the Java updates via Mac OS X’s built-in Software Update feature. And for Apple, well, a Flashback removal update for Mac OS X versions previous to Mac OS X 10.6 wouldn’t hurt…

Security hole found in FileVault under Mac OS X 10.7.3

Posted by:
Date: Tuesday, May 8th, 2012, 06:04
Category: News, security, Software

Ok, this isn’t the best news in the world…

Per Cryptome, Apple’s legacy FileVault Mac encryption system in OS X 10.7.3 has a security flaw that could allow malicious users to access stored passwords. According to the post, the issue only applies in specific configurations to users who have updated to OS X 10.7.3, in which a system-wide debug file that displays login passwords in plain text is created.

“Thus anyone who can read files accessible to group admin can discover the login passwords of any users of legacy (pre LION) Filevault home directories who have logged in since the upgrade to 10.7.3 in early February 2012,” Emery explained.

The login data can also be viewed by booting a Mac into FireWire disk mode and reading it by opening the drive as a disk. The information can also be accessed by booting the Lion recovery partition and using the available superuser shell to mount the main file system partition.

Users can protect themselves from these methods by using the whole disk encryption capabilities of FileVault 2. Emery explained that this requires that a user know at least one login password before they can access the main partition of the disk.

Further protection can be achieved by setting a firmware password that must be supplied before a user can boot the recovery partition or external media, or enter FireWire disk mode.

“Having the password logged in the clear in an admin readable file *COMPLETELY* breaks a security model — not uncommon in families — where different users of a particular machine are isolated from each other and cannot access each others’ files or login as each other with some degree of assurance of security,” Emery wrote.

The bug was introduced with Apple’s OS X 10.7.3 update, which was issued in early February. The latest version of Lion came with Wi-Fi connectivity fixes and Windows file sharing compatibility.

Stay tuned for additional details as they become available.

Symantec estimates Flashback trojan could have netted authors $10,000 a day during its peak

Posted by:
Date: Tuesday, May 1st, 2012, 09:58
Category: News, security, Software

Ok, so maybe crime DOES pay…

Per Symantec’s company blog, the malware known as “Flashback” that was believed to have infected hundreds of thousands of Macs may have paid out as much as US$10,000 a day to its authors.

The estimate comes from Symantec, which said in a post to its official blog that the primary motivation behind the malware was money. The Flashback Trojan includes an ad-clicking component that will load itself into the three major browsers for Mac — Safari, Firefox and Chrome — and generate revenue for the attackers.

“Flashback specifically targets queries made on Google and, depending on the search query, may redirect users to another page of the attacker’s choosing, where they receive revenue from the click,” Symantec explained.

Peering into the Trojan’s code, the security firm found a redirected URL that earns the authors of the code 8 cents per click. If a user conducts a Google search, Flashback will “hijack” the ad click from Google, taking money away from the search giant and granting “untold sums” to the authors of the Trojan.

A previous analysis of a different Trojan found that a botnet with just 25,000 infections could generate up to US$450 per day. At its peak, the Flashback Trojan was estimated to have infected 600,000 Macs worldwide, which means the authors could have earned as much as US$10,000 per day.

The presence of Flashback has greatly diminished since Apple released a series of software updates last month aimed at squashing the malware, including a Java update and a separate removal tool.

The Flashback Trojan was first discovered by another security firm, Intego, last September. The software attempts to trick users into installing it by appearing as Adobe’s Flash Player installer package.

Stay tuned for additional details as they become available and if you haven’t downloaded and installed Apple’s anti-flashback removal tool via Mac OS X’s Software Update feature, there’s no time like the present.

Dr. Web points out dormant nature of Flashback, cites that malware could remain on 650,000 Macs

Posted by:
Date: Tuesday, April 24th, 2012, 06:13
Category: News, security, Software

Well, this is a bit of a kick in the head.

Per Russian security company Dr. Web and Macworld, the Mac Flashback Trojan horse was still installed on more than half a million Apple computers late last week and is declining only slowly.

Although all security companies now agree that the best days for Flashback (or “Flashfake”) are now behind it, the new numbers suggest a greater level of infection than has been reported by rivals.

Measured by UUID device identifiers, Dr. Web now believes that at its greatest extent, the bot controlled around 817,000 machines, with an average of 550,000 contacting the command and control servers during any 24-hour period.

By April 19, the bot was communicating with 566,000 Macs, down from 673,000 three days earlier, still considerably higher than Symantec’s estimate last week that the bot’s size had shrunk to 270,000 infected systems, and Kaspersky’s figure of 237,000 on April 14 and 15.

Some of the confusion could be down to measuring the bot using either IP addresses or device IDs (UUIDs), and doing so at different points in time.

However, Dr. Web thinks it has a better explanation for this discrepancy, which, it said, has to do with attempts by an unnamed entity (presumably a security company) to block the bot’s activity.

Infected bots had been connecting to a server at 74.207.249.7, which was putting them into a suspended state. All machines doing this would no longer be able to communicate and be registered as ‘active’ by security company sinkholes despite still being infected.

“This is the cause of controversial statistics on one hand, Symantec and Kaspersky Lab reported a significant decline in the number of Backdoor.Flashback.39 bots, on the other hand, Dr. Web repeatedly indicated a far greater number of bots which didn’t tend to decline considerably,” the company argued.

At least one security company—Mac security specialist Intego—agrees with Dr. Web’s contention that Flashback’s infection numbers have recently been underestimated.

“Intego has analyzed the malware, and, following discussions with other security companies, has determined that not only are these numbers [the lower estimates] incorrect, they are underestimating the number of infected Macs,” the company announced in a Friday blog post.

If this is correct, it does at least mean that while infected, these machines are now dormant and presumably beyond the control of the bot controllers.

On Friday, Kaspersky offered more information on how the malware was able to infect its victims through WordPress blog sites that had been compromised to host a malware redirection script.

Stay tuned for additional details, and if you haven’t already, download the latest security updates through Mac OS X’s built-in Software Update feature to help nix the Flashback malware on your Mac.

Kaspersky Lab states Flashback infections drop to under 30,000, warns of potential exploits en route

Posted by:
Date: Thursday, April 19th, 2012, 10:30
Category: News, security, Software

This too shall pass.

Per the cool cats at Ars Technica, Flashback infections have plummeted since Apple released a tool to stop the Trojan, but a security firm has cautioned that more malware could be on the horizon.

Researchers from Kaspersky Lab held a press conference Thursday morning in which they revealed that the number of machines infected by Flashback has dropped to just 30,000. That’s significantly down from the 600,000 Macs it was estimated to have infected at its peak, as well as the 140,000 Macs estimated to have been infected on Tuesday of this week.

Presence of the Trojan has been limited as Apple released a Java update to rid machines of Flashback. And for those that don’t have Java installed and could be harboring a dormant version of the malware, Apple also issued a separate removal tool.

But researchers at Kaspersky believe Flashback could just be the beginning. They believe that hackers will continue to target the Mac, as Apple has gained significant market share in recent years and continues to outgrow the rest of the PC market.

“Market share brings attacker motivation,” Kaspersky officials said. “Expect more drive-by downloads, more Mac OS X mass-malware. Expect cross-platform exploit kits with Mac-specific exploits.”

The Flashback Trojan was first discovered by another security firm, Intego, last September. The software attempts to trick users into installing it by appearing as Adobe’s Flash Player installer package.

Earlier this week, another Mac Trojan was discovered that takes advantage of an exploit in Microsoft Word to spread. Dubbed “LuckyCat,” it uses a Java exploit to infect a targeted machine, allowing a remote user to analyze and even steal data from the system.

Stay tuned for additional details as they become available.