Google Chrome updated to 19.0.1084.52

Date: Thursday, May 24th, 2012, 07:46
Category: News, Software

Sorry for the lack of updates yesterday, I was flying across the country and the plane lacked Wi-Fi. During the flight, “The Vow” with Channing Tatum and Rachel McAdams happened to be the in-flight movie, should you choose to plug in headphones and listen to it. During this time, I desperately wanted there to be a director’s cut where the characters are slathered in salmon juice and attacked by irate grizzly bears in every scene…

Google Chrome, Google’s new web browser, just reached version 19.0.1084.52 for the Mac. The new version, a 38.6 megabyte download, offers the following changes:

– [117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community (Brett Wilson).

– [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).

– [$1000] [120912] High CVE-2011-3105: Use-after-free in first-letter handling. Credit to miaubiz.

– [122654] Critical CVE-2011-3106: Browser memory corruption with websockets over SSL. Credit to the Chromium development community (Dharani Govindan).

– [124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings. Credit to the Chromium development community (Dharani Govindan).

– [$1337] [125159] Critical CVE-2011-3108: Use-after-free in browser cache. Credit to “efbiaiinzinz”.

– [Linux only] [$1000] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholomé.

– [126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.

– [$500] [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian Holler.

– [127331] High CVE-2011-3112: Use-after-free with invalid encrypted PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.

– [127883] High CVE-2011-3113: Invalid cast with colorspace handling in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.

– [128014] High CVE-2011-3114: Buffer overflows with PDF functions. Credit to Google Chrome Security Team (scarybeasts).

– [$1000] [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian Holler.

Google Chrome 19.0.1084.52 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Apple releases Flashback removal tool for Mac OS X 10.5.x operating systems

Date: Tuesday, May 15th, 2012, 05:21
Category: News, security, Software

If you’ve yet to upgrade to Mac OS X 10.6 or Mac OS X 10.7, there’s some good news.

Per Macworld, Apple on Monday released a pair of security updates for the older operating system: Leopard Security Update 2012-003 and Flashback Removal Security Update.

The Leopard Security Update disables older versions of Adobe Flash Player that don’t contain the latest security updates, prompting you to upgrade instead. That mirrors an update Apple offered for Safari on Snow Leopard and Lion last week.

The Flashback Removal Security Update finds and removes the most common variants of that malware; the updater may need to restart your Mac to complete the removal of any malware.

Both updates are available directly from Apple’s website or via Mac OS X’s Software Update feature and require Mac OS X 10.5.8 to install and run.

If you’ve tried the updates/malware removal tools and have any feedback to offer, please let us know in the comments.

Kaspersky Lab to help advise Apple on Mac OS X security

Date: Monday, May 14th, 2012, 10:08
Category: News, security, Software

It never hurts to ask for a helping hand.

Per computing.co.uk, Apple has invited Kaspersky Lab to consult on potential OS X security issues following the aftermath of the largest malware outbreak on the platform.

Kaspersky has begun analyzing the OS X platform at Apple’s request, the company’s chief technology officer, Nikolai Grebennikov, said in an interview with Computing. The Kaspersky executive has publicly called Apple out for not taking security seriously enough.

“Mac OS is really vulnerable, and Apple recently invited us to improve its security,” Grebennikov said. “We’ve begun an analysis of its vulnerabilities, and the malware targeting it.”

As one specific security issue with OS X, he noted that Apple has blocked Oracle from directly updating Java on the Mac. Instead, Apple handles the updates, and they typically arrive months after Oracle issues its own patches.

Mac-centric Java development is set to move to Oracle following the latest runtime updates built in-house at Apple. Apple dropped Java from the default installation of OS X 10.7 Lion after the company announced its plans to deprecate the software’s release from the Mac platform.

In April, Oracle released its first Java Development Kit and JavaFX Software Development Kit for Mac users. They arrived one and a half years after Apple announced the deprecation of its own edition of Java for Mac.

Kaspersky’s newfound partnership with Apple comes on the heels of the Flashback malware botnet, which was believed to have infected hundreds of thousands of Macs at its peak. The presence of Flashback was greatly diminished after Apple released a series of software updates to squash the malware, including a Java update and a separate removal tool.

Grebennikov cited the Flashback malware as “a huge sign that Apple’s security model isn’t perfect.” He also predicted that the first malware targeting Apple’s iOS mobile operating system, which powers the iPhone and iPad, will arrive in the next “year or so.”

Stay tuned for additional details as they become available.

Microsoft releases Office 2011 14.2.2, Microsoft Office 2008 12.3.3 updates for Mac

Date: Tuesday, May 8th, 2012, 12:14
Category: News, Software

On Tuesday, Microsoft released its Microsoft Office 2011 14.2.2 update. The update, a 110 megabyte download, adds the following fixes and features:

– This update includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.

Microsoft Office 2011 14.2.2 requires an Intel-based Mac running Mac OS X 10.5.8 or later to install and run, and the Service Pack 1 updater must have been previously installed.

The company also released version 12.3.3 of its Microsoft Office 2008 suite for Mac. The update, a 217.9 megabyte download, offers the following fixes and features:

– The update includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.

Microsoft Office 2008 12.3.3 requires Mac OS X 10.4.9 or later to install and run.

If you’ve tried the update and have anything to report back, let us know.

Google Chrome updated to 18.0.1025.168

Date: Tuesday, May 1st, 2012, 06:04
Category: News, Software

Google Chrome, Google’s new web browser, just reached version 18.0.1025.168 for the Mac. The new version, a 35.4 megabyte download, offers the following changes:

– Security and bug fixes.

Google Chrome 18.0.1025.168 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Dr. Web points out dormant nature of Flashback, cites that malware could remain on 650,000 Macs

Date: Tuesday, April 24th, 2012, 06:13
Category: News, security, Software

Well, this is a bit of a kick in the head.

Per Russian security company Dr. Web and Macworld, the Mac Flashback Trojan horse was still installed on more than half a million Apple computers late last week and is declining only slowly.

Although all security companies now agree that the best days for Flashback (or “Flashflake”) are now behind it, the new numbers suggest a greater level of infection than has been reported by rivals.

Measured by UUID device identifiers, Dr. Web now believes that at its greatest extent, the bot controlled around 817,000 machines, with an average of 550,000 contacting the command and control servers during any 24-hour period.

By April 19, the bot was communicating with 566,000 Macs, down from 673,000 three days earlier, still considerably higher than Symantec’s estimate last week that the bot’s size had shrunk to 270,000 infected systems, and Kaspersky’s figure of 237,000 on April 14 and 15.

Some of the confusion could be down to measuring the bot using either IP addresses or device IDs (UUIDs), and doing so at different points in time.

However, Dr. Web thinks it has a better explanation for this discrepancy, which, it said, has to do with attempts by an unnamed entity (presumably a security company) to block the bot’s activity.

Infected bots had been connecting to a server at 74.207.249.7, which was putting them into a suspended state. All machines doing this would no longer be able to communicate and be registered as ‘active’ by security company sinkholes despite still being infected.

“This is the cause of controversial statistics on one hand, Symantec and Kaspersky Lab reported a significant decline in the number of Backdoor.Flashback.39 bots, on the other hand, Dr. Web repeatedly indicated a far greater number of bots which didn’t tend to decline considerably,” the company argued.

At least one security company—Mac security specialist Intego—agrees with Dr. Web’s contention that Flashback’s infection numbers have recently been underestimated.

“Intego has analyzed the malware, and, following discussions with other security companies, has determined that not only are these numbers [the lower estimates] incorrect, they are underestimating the number of infected Macs,” the company announced in a Friday blog post.

If this is correct, it does at least mean that while infected, these machines are now dormant and presumably beyond the control of the bot controllers.

On Friday, Kaspersky offered more information on how the malware was able to infect its victims through WordPress blog sites that had been compromised to host a malware redirection script.

Stay tuned for additional details and, if you haven’t already, download the latest security updates through Mac OS X’s built-in Software Update feature to help nix the Flashback malware on your Mac.

Kaspersky Lab states Flashback infections drop to under 30,000, warns of potential exploits en route

Date: Thursday, April 19th, 2012, 10:30
Category: News, security, Software

This too shall pass.

Per the cool cats at Ars Technica, Flashback infections have plummeted since Apple released a tool to stop the Trojan, but a security firm has cautioned that more malware could be on the horizon.

Researchers from Kaspersky Lab held a press conference Thursday morning in which they revealed that the number of machines infected by Flashback has dropped to just 30,000. That’s significantly down from the 600,000 Macs it was estimated to have infected at its peak, as well as the 140,000 Macs estimated to have been infected on Tuesday of this week.

Presence of the Trojan has been limited as Apple released a Java update to rid machines of Flashback. And for those that don’t have Java installed and could be harboring a dormant version of the malware, Apple also issued a separate removal tool.

But researchers at Kaspersky believe Flashback could just be the beginning. They believe that hackers will continue to target the Mac, as Apple has gained significant market share in recent years and continues to outgrow the rest of the PC market.

“Market share brings attacker motivation,” Kaspersky officials said. “Expect more drive-by downloads, more Mac OS X mass-malware. Expect cross-platform exploit kits with Mac-specific exploits.”

The Flashback Trojan was first discovered by another security firm, Intego, last September. The software attempts to trick users into installing it by appearing as Adobe’s Flash Player installer package.

Earlier this week, another Mac Trojan was discovered that takes advantage of an exploit in Microsoft Word to spread. Dubbed “LuckyCat,” it uses a Java exploit to infect a targeted machine, allowing a remote user to analyze and even steal data from the system.

Stay tuned for additional details as they become available.

Flashback trojan emerges as “LuckyCat” variant, exploit found to spread malware via Microsoft Word documents

Date: Monday, April 16th, 2012, 09:44
Category: News, security, Software

You’ve got to hand it to whoever developed it: they’re persistent.

Per SecureList, a new version of a backdoor trojan for Apple’s OS X operating system takes advantage of an exploit in Microsoft Word to spread.

The latest variant of the attack known as “LuckyCat” was discovered and detailed by Costin Raiu, a Kaspersky Lab expert. Raiu found that a dummy infected machine was taken over by a remote user who started analyzing the machine and even stole some documents from the Mac.

“We are pretty confident the operation of the bot was done manually — which means a real attacker, who manually checks the infected machines and extracts data from them,” Raiu wrote in a post.

The new Mac-specific trojan, named “Backdoor.OSX.SabPub.a,” uses a Java exploit to infect a targeted machine. It spreads through Microsoft Word documents that exploit a vulnerability known as “CVE-2009-0563.”

The new trojan is noteworthy because it stayed undetected for more than a month and a half before it came alive and data was manually extracted from the machine. That’s different from MaControl, another bot used in attacks discovered in February 2012.

There are currently at least two variants of the “SabPub” trojan, which remains classified as an “active attack.” It is expected that new variants of the bot will be released in the coming weeks, as the latest was created in March.

Security on the Mac has been in the spotlight of late as a result of the “Flashback” trojan that infected more than 600,000 Macs worldwide. Apple addressed the issue with a series of software updates last week designed to remove the trojan from affected machines.

The Flashback botnet harvested personal information and Web browsing logs from infected machines. The trojan, which disguises itself as an Adobe Flash installer, was first discovered last September.

Stay tuned for additional details as they become available.

Apple updates iTunes account security protocols, adds new security prompts for users

Date: Friday, April 13th, 2012, 07:41
Category: News, security, Software

This could make your iTunes account that much more secure.

Or it could make you want to put an axe through the screen as you just want to buy a cool 99 cent app.

Per Ars Technica, Apple has begun asking users to select and answer a series of questions associated with their Apple IDs to enhance security measures.

The security prompts began popping up on iOS devices on Wednesday, wherein users were met with a prompt that states “Security Info Required.”

After being shown the message, users are asked to select from a number of security questions and provide personal answers. Users are also prompted to provide a backup e-mail address in case the primary address associated with their Apple ID is compromised.

The changes are meant to curb fraud and phishing attempts that have been used for many years to hijack iTunes accounts. Because credit card information is tied to a user’s account, nefarious people will steal and resell accounts, allowing people to buy content like music, movies and applications on someone else’s dime.

This week’s changes are only the latest in a series of measures by Apple over the years to improve security associated with iTunes accounts. Some of the steps taken include requiring users to verify their account information when they log into new devices, and upgrading passwords to make them more complex with varying characters.

Some users have been confused by the new security prompts appearing this week, and have expressed concern on the Apple Support Communities website that the alerts could be bogus phishing attempts. However, the revised measures have been proven to be legitimate, and Apple has admitted they are part of an ongoing effort to bolster security.

If you’ve seen these prompts on your end, please let us know what you make of them in the comments.

Apple releases Java for Mac OS X 10.6 Update 8, Java for Mac OS X Lion 2012-003 updates, looks to remove Flashback malware

Date: Friday, April 13th, 2012, 06:25
Category: News, Software

Maybe this will settle it once and for all.

Late Thursday, Apple released Java for Mac OS X 10.6 Update 8, the update removing the most common variants of the Flashback malware. The 80.6 megabyte download requires Mac OS X 10.6.8 to install and run.

The company also released Java for Mac OS X Lion 2012-003, which also looks to remove the most common type of the now-infamous Flashback malware. The 63.8 megabyte download requires OS X 10.7 or later to install and run.

The updates can be located, downloaded and installed via Mac OS X’s Software Update feature. If you’ve tried the new versions and have any feedback to offer, please let us know in the comments.