Trojan.SMSSend.3666 goes into the wild, poses as Mac OS X software

Posted by:
Date: Thursday, December 13th, 2012, 08:14
Category: News, security, Software

You should listen to your more paranoid relatives around the holiday dinner table when they say that there’ll always be someone trying to run a scam on someone else.

Just because they’re paranoid doesn’t make them wrong.

Per CNET, Russian security firm Dr. Web has uncovered another malware attempt on OS X systems that tries to exploit users with SMS fraud.

The new malware is a Trojan horse, dubbed “Trojan.SMSSend.3666,” and is part of a family of Trojan malware for Windows and other platforms that have affected Windows users for years.

As with all Trojans, these pose as legitimate programs that are made available for download from a number of underground Web sites, with this current one for OS X appearing to be an installer for a program called VKMusic 4, a utility whose legitimate version is used for communication between machines on a European social network called VK.

During its installation, the malware triggers an SMS fraud routine where it asks users to enter cell phone numbers, then sends them SMS messages to confirm, which then subscribes the users to a scam that charges high fees for junk messages being sent to their phones.

Unlike recent malware targeted at OS X, this one is not a Java-based attempt to hack the system and install dropper programs that open backdoor access to the system. This one is built as a Mach-O binary that uses the OS X native runtime; however, this change does not alter the threat level significantly. Since the malware is distributed through underground means and requires specific user interaction both to install, and then subsequently and knowingly provide private information, it is a relatively minimal threat.

However, despite its slight impact, it does add yet another instance to the relatively short list of malware for OS X as compared to those for Windows and other platforms.

As with other recent malware for OS X, this one appears to be built specifically to fool those that use the European VK social network, as opposed to being a more widespread attempt, as was seen with the “MacDefender” malware.

Apple’s current XProtect malware definitions have not yet been updated to identify this new scourge, but as it gets analyzed and identified by security firms, the definitions will spread out for various anti-malware utilities. However, overall the main security tips emphasized by this development are to first check where any installer for your system came from, and then be cautious about giving out personal information including phone numbers and addresses. This is especially true for any installer you downloaded from a site that is not directly from the developer itself.

Stay tuned for additional details as they become available.

Adobe releases Flash Player 11.6.602.108 update

Posted by:
Date: Thursday, December 13th, 2012, 07:11
Category: News, security, Software

adobelogo

On Monday, Adobe released Flash Player 11.6.602.108 for Mac OS X, a 11.9 megabyte download via MacUpdate. The new version is for Adobe Flash Player 11.6.602.108 and earlier versions and adds the following fixes and changes:

- Bug fixes related to security, stability, performance, and device compatibility.

Full release notes are available here and the new version requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new Flash Player and have any feedback to offer, please let us know in the comments.

CrossOver updated to 12.0

Posted by:
Date: Thursday, December 13th, 2012, 07:48
Category: News, Software

CrossOver, the popular virtualization program from CodeWeavers, has been updated to version 12.0. The new version, a 119.5 megabyte download, is available as a demo, offers the following fixes and changes:

WHAT’S NEW:
- CrossOver now incorporates our experimental Mac Driver. With the Mac Driver, Windows programs running under CrossOver no longer have to use the X Window System to interact with the screen and keyboard. This feature is currently experimental but will become the way all CrossOver applications work on OS X in the future.
CrossOver has improved font handling for fonts used by certain applications, such as National Mah Jongg League Online.

Application Support:
- CrossOver now supports World of Tanks.

- CrossOver now supports Quicken 2013.

- CrossOver now supports installation of .Net 4.0.

Improvements to Microsoft Office:
- Fixed a crash displaying certain email messages in Outlook 2010.

- Outlook 2010 will now save passwords.

- Improved Gmail and other IMAP connections with Outlook 2007.

- Fixed auto-discovery during account configuration for Outlook 2007.

- PowerPoint 2010 now displays equations in slide shows.

- PowerPoint 2010 no longer displays blank slides.

- Fixed bugs in Word 2010 which caused the equation editor to be missing structures and formulas.

- Fixed a bug in Word 2010 related to footnote style choices.

- Project 2007 and 2010 can now edit dates for recurring tasks.

- Fixed a crash in Project 2010 when filtering by resource name.

- Visio 2002 can now search for new shapes.

- Visio 2010 now displays properly when multiple shapes are open.

- Star Trek Online is now faster during game updates.

- Quicken 2009 no longer has garbled text on its buttons.

- An issue with installation of .Net 3.5 SP1 was resolved.

- World of Warcraft has had fixes related to patching and installation.

CrossOver and Wine:
- CrossOver is now based on Wine 1.5.15.

- CrossOver’s built-in web-browser will offer to download and install ActiveX controls.

- CrossOver now comes bundled with the Wine-Mono package, an alternative implementation of the .Net API.

- CrossOver now implements Raw Input, the set of APIs used for mouse input by games like Guild Wars 2, World of Tanks, and others.

- Support for printing on a variety of paper sizes has been improved.

- DirectSound has a new resampler, for higher quality audio.

- CrossOver now has sub-pixel font anti-aliasing.

CrossOver 12.0 retails for US$59.95 and requires Mac OS X 10.6 and or later and an Intel-based Mac to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Google Chrome updated to 23.0.1271.97

Posted by:
Date: Wednesday, December 12th, 2012, 08:05
Category: News, Software

google-chrome-logo

Hey, an update’s an update.

Late Tuesday, Google released version 23.0.1271.97 of its Chrome web browser. The update, a 56.5 megabyte download, adds the following fixes and changes:

- Some texts in a Website Settings popup are trimmed (Issue: 159156).

- Some plugins stopped working (Issue: 159896).

- Fixed a known crash (Issue:161854).

Google Chrome 23.0.1271.97 requires an Intel-based Mac with Mac OS X 10.6 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Drive Genius updated to 3.2.2, adds fixes

Posted by:
Date: Wednesday, December 12th, 2012, 08:34
Category: News, Software

drivegenius.jpg

Prosoft Engineering has released Drive Genius 3.2.2, an updated version of its drive repair and recovery program for Mac OS X.

The new version, a 15.2 megabyte download” target=”_blank”>download, offers the following fixes and changes:

- When purchasing the full version from within Drive Genius, Drive Genius will automatically detect the purchase and register itself.

- Bug fix: potential stability issues with Defrag, Repair and DriveSlim.

- Bug fix: stability issue on certain Mac Pro systems.

Drive Genius retails for US$99 and requires an Intel-based Mac running Mac OS X 10.6.7 or later installed to install and run.

If you’ve tried the new version and have any feedback to offer, let us know in the comments.

Apple releases Mac mini EFI Firmware Update 1.7, works to address HDMI flicker issue on late-2012 Mac mini

Posted by:
Date: Tuesday, December 11th, 2012, 07:20
Category: Mac mini, News, Software

You can’t knock a good firmware update.

Late Monday, Apple released Mac mini EFI Firmware Update 1.7, the company’s firmware updater for the late-2012 Mac mini desktop. The update, a 4.8 megabyte download, addresses HDMI video flicker issues on Mac mini (Late 2012) computers and is recommended for all users.

The EFI Firmware Update 1.7 requires a late-2012 Mac mini running OS X 10.8.2 or later to install and run and can be directly downloaded or located and installed via the Software Update feature.

If you’ve tried the updater and have any feedback to offer, please let us know in the comments.

OnyX 2.6.5 beta 2 released, now available to public

Posted by:
Date: Monday, December 10th, 2012, 07:48
Category: News, Software

onyxicon

OnyX, Titanium Software’s popular freeware multifunction utility for Mac OS X, has been updated to version 2.6.5 beta 2. The new beta, a 16.5 megabyte download via MacUpdate, adds the following fixes and changes:

- New application developed in AppleScriptObjC now.

OnyX 2.6.5 beta 2 requires an Intel-based processor and OS X 10.8 or later to install and run.

If you’ve tried the new version and have any feedback, please let us know in the comments.

Apple hires Kristin Paget to help strengthen OS X’s security protocols

Posted by:
Date: Friday, December 7th, 2012, 07:59
Category: News, security, Software

applelogo_silver

If you’re going to be a target for hackers, you might want to hire someone with extensive experience for a company that’s long been a target…

Per Wired, tt was discovered on Thursday that famed hacker and former Microsoft employee Kristin Paget is now working for Apple as a core operating system security researcher, suggesting the Cupertino company is beefing up OS X safeguards amid recent Mac-directed malware attacks.

When employed by Microsoft, Paget worked alongside a small team of hackers tasked to find security holes in Windows Vista before the OS was released to the public in 2007. The group apparently found so many flaws that Vista’s launch date was pushed back while fixes were put in place.

According to her LinkedIn profile, as of September, Paget is listed as being a “Core OS Security Researcher at Apple” based out of Cupertino. Previously, she held the position of chief hacker at security firm Recursion Ventures, but said in June that she wanted to find a job building “security-focused hardware.”

Paget, formerly known as Chris Paget, gained notoriety for a number of hacker feats of strength, including a cellphone call-intercepting station at the Defcon hacker conference and a long-range RFID identifier duplication device.

While the hacker’s responsibilites at Apple remain unknown, it can be speculated that she will be working to thwart future attacks like the Flashback trojan that affected an estimated 600,000 Macs in April. Most recently, a piece of Mac-targeted malware similar to Flashback was found embedded in a webpage dedicated to the Dalai Lama.

Apple releases Final Cut Pro X 10.0.7 update

Posted by:
Date: Friday, December 7th, 2012, 07:56
Category: News, Software

A useful update’s a useful update.

Late Thursday, Apple released version 10.0.7 of its Final Cut Pro X video editing software.

The update, a 1.41 gigabyte download, adds the following fixes and changes:
- The Letterbox effect “Offset” slider has been restored.

- Fixes an issue when creating a single layer DVD.

- Fixes an issue where some third-party effects could cause Final Cut Pro to hang during background rendering.

- Fixes an issue where some third-party transitions would incorrectly use black instead of source media.

- Adds support for editing MXF files that are still ingesting.

- Fixes an issue rendering Motion Templates containing Image Units.

Final Cut Pro X 10.0.7 requires an Intel-based Mac running Mac OS X 10.6.8 or later to install and run and retails for US$299.99

If you’ve tried version 10.0.7 of Final Cut Pro X and have any feedback to offer, please let us know in the comments.

Apple releases updated OS X 10.8.3 beta, begins allowing developers access to new builds via Software Update feature

Posted by:
Date: Thursday, December 6th, 2012, 06:09
Category: News, Software

This could be useful.

Per AppleInsider, a little over one week after Apple seeded build 12D32 of its OS X 10.8.3 beta to developers, the company has rolled out another version of the software adding a new functionality that allows developers to download and install pre-release versions directly from Software Update in the Mac App Store.

Sources familiar with new beta, dubbed build “12D38″, have stated that the latest pre-release builds are now available through Software Update with a tool called “OS X Software Update Seed Configuration Utility,” allowing developers to access new builds in much the same way as consumers. When new seeds are made available, Apple will reportedly send out notifications to install the update via the Mac App Store, these people said. Email notices will also continue to be sent out.

As with the build released at the end of November, Apple is once again asking developers to focus on AirPlay, AirPort, Graphics and Game Center, but adds Safari into the mix with 12D38 without offering further explanation.

Known issues in the newest build mostly deal with graphics issues like blank or black screens when waking a machine from a sleep state, switching between applications or using VNC to remotely control a Mac.

If you’ve gotten your mitts on the latest OS X 10.8.3 beta and have any feedback to offer, please let us know in the comments.