New malware strain found to target Uyghur activists on the Mac

Date: Friday, April 26th, 2013, 07:49
Category: News, security, Software

The bad news: There’s yet another new malware strain going around on the Mac.

The good news: If you’re up to date, it’s not a concern.

Per CNET, security company F-Secure has found that spam e-mail laced with backdoor Trojan horse malware has been continuously delivered to members of Uyghur activist groups in an Advanced Persistent Threat attack.

Like prior ones, the new variant takes advantage of old vulnerabilities in Microsoft Word, by sending attachments that will embed the malware in the affected system if the document is opened in an unpatched version of Word.

The malware used has changed a little over the past year, with some versions using Trojans embedded in ZIP files, and others exploiting Word vulnerabilities. F-Secure’s report shows this latest attempt uses a Word document called “poadasjkdasuodrr.doc,” though any document name can likely be used. When opened, the malware contained in it will install two files that attempt to pose as update components to RealPlayer, in the following locations:

- ~/Library/Application Support/.realPlayerUpdate

- ~/Library/LaunchAgents/realPlayerUpdate.plist

Since these folders are within the user account, the malware used in this attack variant can install itself without user passwords being required. However, another mode of attack does ask for authentication; if received, the malware will then be placed in the global Library folder instead, so it will run for every user on the system.

Using the LaunchAgent file, the system will keep the hidden malware in the Application Support folder running, and the malware will attempt connections to a command-and-control server at alma.apple.cloudns.org.
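
To check a Mac, or a mounted disk image, for the two file artifacts named above, a defender can run something like the following shell script. It is an added example, not code from F-Secure or the original post; the function names, the /Users home layout and the choice to look for the same relative paths under the global /Library folder are assumptions.

```bash
#!/usr/bin/env bash
# Added example: look for the two file artifacts named in the post.
# Paths are relative to a home directory, or to the volume root for the
# system-wide variant (assumption: same relative paths under /Library).
ARTIFACTS='Library/Application Support/.realPlayerUpdate
Library/LaunchAgents/realPlayerUpdate.plist'

# check_base BASE: print each artifact that exists under BASE.
check_base() {
    base=$1
    printf '%s\n' "$ARTIFACTS" | while IFS= read -r rel; do
        # Direct path tests see dotfiles that Finder and plain `ls` hide;
        # -L also catches a dangling symlink left at the artifact path.
        if [ -e "$base/$rel" ] || [ -L "$base/$rel" ]; then
            printf '%s\n' "$base/$rel"
        fi
    done
}

# scan_root ROOT: ROOT is "/" on a live Mac, or the mount point of an image.
scan_root() {
    root=${1%/}
    for home in "$root"/Users/*; do      # per-user installs (no password needed)
        if [ -d "$home" ]; then check_base "$home"; fi
    done
    check_base "$root"                   # authenticated, all-users install
}

# Constructed sample tree so the script runs anywhere; real use: scan_root /
demo=$(mktemp -d)
mkdir -p "$demo/Users/sample/Library/LaunchAgents" "$demo/Library/LaunchAgents"
: > "$demo/Users/sample/Library/LaunchAgents/realPlayerUpdate.plist"
: > "$demo/Users/sample/Library/LaunchAgents/com.example.benign.plist"
scan_root "$demo"
rm -rf "$demo"
```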

The best ways to avoid this malware are via safe computing practices, deleting obvious spam messages and avoiding messages with attachments that haven’t hailed from trusted sources. Additionally, these attacks often exploit known vulnerabilities that have been patched, so always keep your operating system and installed applications up-to-date.

In conclusion, Mac OS X’s Software Update feature is your best friend; avoid suspicious-looking e-mails and you should be set.

Excelsior!!!

Apple releases Safari 6.0.4 update

Date: Wednesday, April 17th, 2013, 07:48
Category: News, security, Software

The update-o-rama continues!

Late Tuesday, Apple released Safari 6.0.4, an update to its web browser. The new version, a 44.8 megabyte download (via MacUpdate), includes the following fixes and new features:

- Safari 6.0.4 allows you to enable the Java web plug-in on a website-by-website basis, with four settings to choose from.

Safari 6.0.4 requires an Intel-based Mac running Mac OS X 10.7 or later to install and run and can also be located and downloaded via Mac OS X’s Software Update feature. If you’ve tried the new version and have any feedback to offer, please let us know.

Apple releases Java 2013-003 update for Mac OS X 10.7, 10.8 operating systems, Java for Mac OS X 10.6 Update 15

Date: Wednesday, April 17th, 2013, 07:41
Category: News, security, Software

A timely security update never goes amiss.

Following up on recently discovered zero-day Java security holes, Apple released Java updates for its Mac OS X 10.6, 10.7 and 10.8 operating systems.

The first update, Java for Mac OS X 10.6 Update 15, stands as a 72.8 megabyte download and offers the following fixes and changes:

- This release updates the Apple-provided system Java SE 6 to version 1.6.0_45 for Mac OS X v10.6.

The update requires an Intel-based Mac running Mac OS X 10.6.8 or later to install and run.

The second update, Apple Java 2013-003, stands as a 68.3 megabyte download and offers the following fixes and changes:

- This release updates the Apple-provided system Java SE 6 to version 1.6.0_45 and is for OS X versions 10.7 or later.

- This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled “Missing plug-in” to go download the latest version of the Java applet plug-in from Oracle.

- This update also removes the Java Preferences application, which is no longer required to configure applet settings.

The update requires an Intel-based Mac running Mac OS X 10.7 or later to install and run.

The updates can be located, snagged and installed via the Software Update feature built into the Mac OS X operating system.

If you’ve tried the updates and have any feedback to offer, please let us know in the comments.

Adobe releases Flash Player 11.7.700.169

Date: Wednesday, April 10th, 2013, 08:15
Category: iOS, iPad, News, security, Software

A hefty update is never unappreciated.

On Wednesday, Adobe released Flash Player 11.7.700.169 for Mac OS X, a 16.9 megabyte download via MacUpdate. The new version adds the following fixes and changes:

Fixed Issues:
- On Retina-enabled OS X devices, Flash applications are scaled incorrectly upon opening (3496539).

- In AIR on iOS, loading a SWF with an embedded video can cause a crash in some circumstances (3514499).

- In AIR on iOS, loading an image from a remote server can cause a crash (3476445).

- On OS X, setting stage.fullScreenSourceRect when renderMode is set to “GPU”, leads to inaccurate mouse position reporting (3512232).

- In the Chrome browser, the copy shortcut (Ctrl/Cmd+C) fails (3496300).

- Attempting to embed a Flash project into Microsoft Word can result in a crash (3498002).

- In AIR for iOS, some apps get rejected for missing push notification entitlement (3501744).

- In AIR for iOS, Flex applications running on iPad2 over 3G connections can experience a crash (3435401).

- In AIR for iOS, reloading of pure asset SWFs isn’t allowed (3516971).

- On OS X, some fonts do not render properly when viewing Flash content in the Google Chrome browser (3506958).

New Features:
- Sandboxing enhancements.

- Prevent Cloud backup for Shared Objects (iOS).

- Use CPU render mode for selected devices (iOS).

- Externally host secondary SWF files (iOS).

Adobe Flash Player 11.7.700.169 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new Flash Player and have any feedback to offer, please let us know in the comments.

Opera web browser updated to 12.15.1748

Date: Thursday, April 4th, 2013, 07:55
Category: News, security, Software

It’s hard to knock a useful web browser update.

On Thursday, Opera Software released version 12.15.1748 of its web browser. The new version, a 20.3 megabyte download via MacUpdate, boasts the following fixes and changes:
- Fixed a moderately severe issue, as reported by Attila Suszter; details will be disclosed at a later date.

- Added safeguards against attacks on the RC4 encryption protocol.

- Fixed an issue where cookies could be set for a top-level domain.

Opera 12.15.1748 is available for free and requires an Intel-based Mac running Mac OS X 10.5.8 or later to install and run.

Apple includes Yontoo trojan on XProtect.plist database

Date: Monday, March 25th, 2013, 07:37
Category: News, security, Software

With any luck, the Yontoo trojan won’t be around on the Mac OS X platform for long.

Per the Intego Security Blog and MacRumors, shortly after news emerged of a new adware trojan targeting OS X web browsers, Apple updated its malware and adware detections list to block Yontoo.

The company has apparently updated its “XProtect” anti-malware system. XProtect.plist will now recognize Yontoo and warn users that attempt to install the software on their computers.

Intego’s post notes that the XProtect detection “is very specific and potentially location-dependent.” The extra specificity, Intego supposes, may be there in order to stop only indirect installations of the file.

News of the Yontoo trojan emerged recently when a Russian anti-virus company pointed out its existence. Yontoo asks users if they want to install a browser plugin, media player, download accelerator, or other video-oriented program. Upon agreeing to the download, the plugin begins transmitting browsing data to an off-site server. User browsing data is processed, and the server sends back a file embedding third-party code into webpages visited by the user. The viewing or clicking of embedded ads then generates ad affiliate network profits for the criminals behind the adware.

Stay tuned for additional details as they become available.

Apple adds two-step verification, other new features to iCloud security

Date: Friday, March 22nd, 2013, 06:44
Category: News, security, Software

When in doubt, beef up the ol’ security system a bit…

On Thursday, Apple rolled out a new two-step verification service for iCloud and Apple ID users. This functionality greatly enhances the security of Apple accounts because it requires users to use a trusted device and an extra security code.

Per 9to5Mac, the security code can be sent via SMS or via the Find My iPhone iOS app (if it is installed). Users can now set up two-step authentication on their devices via the Apple ID web site. Users need to access the security tab on this website to conduct the setup process.

During the setup process for two-step verification, users can choose which of their iOS devices they want to be “trusted.” This new service will allow only you to be able to reset your password.

Full details can be located at the Apple ID web site.

Advertising-based trojan goes into wild on Mac OS X, Windows platforms

Date: Thursday, March 21st, 2013, 07:55
Category: Hack, News, security, Software

The available list of Mac malware (and jerks creating it) just grew a bit.

Per MacNN, a new Mac trojan is inserting ads into Safari, Chrome, and Firefox, says a Russian security firm, Doctor Web. Nicknamed “Trojan.Yontoo.1,” the malware is so far being distributed through movie trailer pages, which prompt people to download a browser plugin, a media player, a video enhancer, or a download accelerator. When launched, the malware asks to be installed under a name such as “Free Twit Tube.”

In reality, the installer inserts a plugin into the aforementioned browsers, which transmits data about the websites a person visits to a remote server, and inserts ads into places in sites where they wouldn’t otherwise exist. Visiting the official Apple page for the iPad mini, for instance, may trigger an ad for unrealistically low iPad discounts. Doctor Web notes that the attackers could potentially swap out the plugin for different or updated code.

The malware is targeting Windows systems as well, but Doctor Web comments that hackers are increasingly targeting Mac owners, and that such ad schemes generate money regardless of the platform they’re on. The hackers likely receive money for each ad impression, and more if a person actually clicks on an ad. There doesn’t appear to be any defense against the trojan in OS X at the moment, short of rejecting the installation; Apple may, however, be able to create a safeguard by updating the OS’ blacklist.

Stay tuned for additional details as they become available.

New iOS passcode bypass bug discovered one day after iOS 6.1.3 release

Date: Thursday, March 21st, 2013, 07:32
Category: iOS, iPhone, News, security

Well, this is sort of awkward…

Remember how you JUST installed iOS 6.1.3 to get rid of a passcode bypass bug that would allow an unauthorized person to access the Phone app on a locked iPhone? Per iMore and The Next Web, a new bypass bug has been discovered.

The passcode bypass in the previous versions of iOS 6 required a series of well-timed taps and button presses. The result was full access to the Phone app on a locked device without entering the passcode. This new bug (not quite new, it seems to have existed prior to iOS 6.1.3) requires a sequence that’s a little easier to execute, as can be seen in this video. For some reason, this bypass seems to be more difficult to accomplish on newer, Siri-capable devices.

The bypass can be achieved using the iPhone’s Voice Dial feature. By holding the Home button on a device for a few seconds, the Voice Dial feature will come up. Issue a dial command such as “Dial 303-555-1212”, then as the call is being initiated, eject the SIM card. The iPhone detects the SIM has been removed, cancels the call, and displays an alert saying there is no SIM. Behind the alert you will see the Phone app and after dismissing the alert, you will have full access to the Phone app. As before, this means you can access contact information as well as all photos on the device.

Initially thought to only be possible on non-Siri phones, reports are now coming in of this bypass being performed on the iPhone 4S and 5 as well, though it doesn’t seem to be as easily reproducible on these devices. Performing the bypass on these devices would also require Siri to be disabled and Voice Dial to be enabled.

Unlike the previous bug, this bypass can also easily be prevented by disabling Voice Dial. This can be done in the iPhone’s Settings app, under General > Passcode Lock, by turning the Voice Dial switch to off. With the way Apple has been handling these so far, it would not be surprising to see this fixed in a 6.1.4 update.

Stay tuned for additional details as they become available.

Apple releases iOS 6.1.3 update

Date: Tuesday, March 19th, 2013, 12:59
Category: iOS, iPhone, iPod Touch, News, security, Software

I’ll say this for Apple: it’s getting speedier on its iOS updates.

On Tuesday, Apple released iOS 6.1.3, a 107 megabyte download offering the following fixes for its supported iOS devices:

- Fixes a bug that could allow someone to bypass the passcode and access the Phone app.

- Improvements to Maps in Japan.

iOS 6.1.3 is available via iTunes or Over-The-Air updating and requires an iPhone 3GS, 4, 4S, 5, iPad 2, third or fourth-gen iPad, iPod Touch 4th Gen or iPad Mini to install and run.