Macs are also vulnerable


in Geek stuff, Internet matters, Rants, Security

If you think your computer is secure because it is a Mac, you are dead wrong. The latest OS X update – 10.6.8 – fixes 29 security holes that allow arbitrary code execution. Any of those holes could be used to totally own your computer, circumventing any antivirus or encryption software you may be running. These 29 have been patched, but you can be sure there are others in the OS and in popular software like Flash and Adobe’s PDF reader.

If you want to keep a system safe, keep it physically disconnected from the internet.


EK June 24, 2011 at 4:32 pm

Do you have any recommendations for good security software for Mac?

dp June 24, 2011 at 9:33 pm

trust nobody

Milan June 25, 2011 at 8:42 pm

The most important thing is probably to keep Mac OS X itself fully updated, and avoid sketchy websites, Facebook applications, file-sharing services, etc.

Milan June 25, 2011 at 8:43 pm

It never hurts to have a good backup in case of data loss, not to mention to keep any sensitive information in a FileVault protected partition.

You can use more robust encryption if you want more security, but it is probably less convenient.

. July 27, 2011 at 7:50 am

Growing List of Security Threats to Mac OS X Lion
By Damon Poeter

Long gone are the days when Apple lovers could take pride in their virus-free Macs while snickering at PC owners’ constant worries about security. Apple’s brand new Mac OS X Lion operating system is already acquiring an unhealthy list of reported vulnerabilities less than a week after its official release.

Some Lion vulnerabilities are carry-overs from Snow Leopard, like the “Mac Defender” class of scareware that first surfaced in May. Apple’s recent software update to prep Macs running Snow Leopard for Lion installation includes identification and removal of known variants of the malware.

Like Mac Defender, another newly identified OS X threat called the Olyx backdoor appears to be a variant of Microsoft Windows-targeting malware that’s simply been tweaked to go after Macs.

. November 2, 2011 at 8:35 pm

A newly identified Mac OS X Trojan bundles a component that leverages the processing power of video cards to generate Bitcoins, a popular type of virtual currency. The new Trojan was dubbed DevilRobber by antivirus vendors and is being distributed together with several software applications via BitTorrent sites.

. November 13, 2011 at 8:42 pm

Mac OS X Sandbox Security Hole Uncovered
by samzenpus

Gunkerty Jeb writes “Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple’s announcement earlier this month that all applications submitted to the Mac App store must implement sandboxing as of March 1, 2012. Sandboxing, Apple has argued, limits the resources applications can access and makes it more difficult for malware to compromise systems. Researchers at Core however revealed Nov. 10 that they had warned Apple in September about a vulnerability in their sandboxing approach. According to Core’s advisory, several of the default predefined sandbox profiles fail to ‘properly limit all the available mechanisms.’ As a result, the sandboxing restrictions can be circumvented through the use of Apple events.”

. April 5, 2012 at 8:06 am

Biggest Apple botnet discovered: 600K+ Macs infected

Russian researchers have discovered a botnet of more than 600,000 Macs. Yes, Macs — you know, those things that don’t get malware. Apple (NASDAQ:AAPL) is coming under heavy criticism for its slow response to known vulnerabilities and for perpetuating the myth that OS X is malware-free. In IT Blogwatch, bloggers count the cost.

. April 5, 2012 at 12:02 pm

Apple computers hit by global Mac malware outbreak

Malicious software designed to steal personal information has infected more than 600,000 Mac computers worldwide, warns a Russian cyber security firm, with the vast majority of victims in the United States and Canada.

Moscow-based anti-virus vendor Dr. Web said Wednesday malware known as the Flashback Trojan had managed to install itself on about 550,000 Apple Inc. computers around the world, with 57% of infected PCs in the U.S. and another 20% in Canada. Sorokin Ivan, an analyst with the company, said on Twitter later in the day the number of compromised machines had risen past 600,000, with 274 of them based in Cupertino, the southern California city where Apple is headquartered.

“This once again refutes claims by some experts that there are no cyber-threats to Mac OS X,” Dr. Web said.

CNET first reported on the existence of Flashback last September when the trojan was pretending to be a plug-in installer for Adobe’s Flash Player, though a new version began proliferating in February engineered to exploit a vulnerability in the Mac operating system related to how it reads the Java programming language. Users can become infected simply by navigating to a compromised web site which Dr. Web said could number more than four million.

. April 16, 2012 at 12:18 pm

Another Mac OS X Trojan has been spotted in the wild; this one exploits Java vulnerabilities just like the Flashback Trojan. Also just like Flashback, this new Trojan requires no user interaction to infect your Apple Mac. Kaspersky refers to it as ‘Backdoor.OSX.SabPub.a’ while Sophos calls it ‘OSX/Sabpab-A’.

anon March 21, 2013 at 12:55 pm

Ad-injecting trojan targets Mac users on Safari, Firefox, and Chrome

Users are socially engineered into installing the trojan and seeing rogue ads.

. January 12, 2014 at 1:36 pm

“According to security company Sophos, around 55% of home users and 18% of enterprise users have updated to Mavericks, the latest version of Mac OS (10.9). Unfortunately Apple appears to have stopped providing security updates for older versions. Indeed, they list Mavericks itself as a security update. This means that the majority of users are no longer getting critical security patches. Sophos recommends taking similar precautions to those recommended for people who cannot upgrade from Windows XP.”

. February 24, 2014 at 9:49 pm

Apple Inc. has pushed an update for iOS mobile devices to close a gaping hole in its security software, which gave spies and hackers the ability to grab e-mail, financial information and other sensitive data. An update for its Mac computers is reportedly coming “very soon.”

Confirming researchers’ findings late Friday that a major security flaw in iPhones and iPads also appears in notebook and desktop machines running Mac OS X, Apple spokeswoman Trudy Muller told Reuters: “We are aware of this issue and already have a software fix that will be released very soon.”

. February 24, 2014 at 9:50 pm

The problem lies in the way the software recognizes the digital certificates used by banking sites, Google’s Gmail service, Facebook and others to establish encrypted connections. A single line in the program and an omitted bracket meant that those certificates were not authenticated at all, so that hackers can impersonate the website being sought and capture all the electronic traffic before passing it along to the real site.

In addition to intercepting data, hackers could insert malicious web links in real e-mails, winning full control of the target computer.

The intruders do need to have access to the victim’s network, either through a relationship with the telecom carrier or through a WiFi wireless setup common in public places. Industry veterans warned users to avoid unsecured WiFi until the software patch is available and installed.

anon February 25, 2014 at 11:20 am

The programming error allows a malicious party to corrupt the integrity of a secure internet connection without either side knowing. This allows snooping on e-mails, passwords, financial transactions, web sessions, instant messaging and much more. The flaw is present in iOS software, used for iPhones and iPads since September 2012, as well as in Mac OS X 10.9, released in June 2013 for Macintosh computers. The scale of the problem is astonishing: a man-in-the-middle (MitM in cryptographic jargon) could commandeer any secure connection from a Wi-Fi network in a coffeeshop up to the infiltration of an entire country, as exploited by certain governments and their agents in the past.

Apple’s SSL/TLS bug (22 Feb 2014)
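The two comments above (the one from February 24 about the omitted bracket, and this one) describe the certificate-check flaw only in prose. As an added example, not code from this page or from Apple, here is a constructed stand-in in C that reproduces the shape of the bug, a duplicated unconditional `goto fail;` that makes the signature check unreachable, beside the braced form that fixes it; the hash and signature steps are stubs assumed for illustration.

```c
#include <stdio.h>

/* Constructed stand-in for the library's error codes (not Apple's code). */
enum { ERR_OK = 0, ERR_HASH = -1, ERR_BAD_SIGNATURE = -2 };

/* Stub hashing steps: they succeed, as they would on a well-formed handshake. */
static int hash_update_params(void)   { return ERR_OK; }
static int hash_update_exchange(void) { return ERR_OK; }
/* Stub signature check: the only step whose result depends on the peer. */
static int verify_signature(int sig_ok) { return sig_ok ? ERR_OK : ERR_BAD_SIGNATURE; }

/* BUGGY: mirrors the shape of the 2014 flaw. Without braces, the second
 * "goto fail;" is unconditional, so everything after it, including the
 * signature check, is dead code. err still holds 0 from the last successful
 * hash step, so the function reports success for an unchecked signature. */
int verify_server_key_exchange_buggy(int sig_ok)
{
    int err;
    if ((err = hash_update_params()) != 0)
        goto fail;
        goto fail;   /* stray line: always jumps, skipping the checks below */
    if ((err = hash_update_exchange()) != 0)
        goto fail;
    if ((err = verify_signature(sig_ok)) != 0)
        goto fail;
fail:
    return err;      /* 0 means "trusted", even though nothing was verified */
}

/* FIXED: braces make every goto conditional, so the signature check always runs. */
int verify_server_key_exchange_fixed(int sig_ok)
{
    int err;
    if ((err = hash_update_params()) != 0)   { goto fail; }
    if ((err = hash_update_exchange()) != 0) { goto fail; }
    if ((err = verify_signature(sig_ok)) != 0) { goto fail; }
fail:
    return err;
}

int main(void)
{
    /* A forged signature (sig_ok = 0) is accepted by the buggy path only. */
    printf("buggy, forged signature: %d (0 = accepted)\n", verify_server_key_exchange_buggy(0));
    printf("fixed, forged signature: %d (0 = accepted)\n", verify_server_key_exchange_fixed(0));
    return 0;
}
```

Compiling the buggy version with clang's `-Wunreachable-code` reports the dead signature check, and a unit test that feeds a deliberately bad signature, as `main` does here, catches the same defect regardless of compiler.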

. December 27, 2014 at 2:41 pm

Thunderbolt Rootkit Vector

Attackers can infect MacBook computers with highly persistent boot rootkits by connecting malicious devices to them over the Thunderbolt interface. The attack, dubbed Thunderstrike, installs malicious code in a MacBook’s boot ROM (read-only memory), which is stored in a chip on the motherboard. It was devised by a security researcher named Trammell Hudson based on a two-year old vulnerability and will be demonstrated next week at the 31st Chaos Communication Congress in Hamburg.

. January 8, 2015 at 11:12 pm

A vulnerability at the heart of Apple’s Mac OS X systems—one thus far only partially addressed by Apple—opens the door to the installation of malicious firmware bootkits that resist cleanup and give hackers persistent, stealthy control over a compromised Mac. The research is the work of a reverse engineering hobbyist and security researcher named Trammell Hudson, who gave a talk at the recent 31C3 event in Hamburg, Germany, during which he described an attack he called Thunderstrike. Thunderstrike is a Mac OS X bootkit delivered either through direct access to the Apple hardware (at the manufacturer or in transport), or via a Thunderbolt-connected peripheral device; the latter attack vector exposes vulnerable systems to Evil Maid attacks, or state-sponsored attacks where laptops are confiscated and examined in airports or border crossings, for example.

Hudson’s bootkit takes advantage of a vulnerability in how Apple computers deal with peripheral devices connected over Thunderbolt ports during a firmware update. In these cases, the flash is left unlocked, allowing an Option ROM, or peripheral firmware, to run during recovery mode boots. It then has to slip past Apple’s RSA signature check. Apple stores its public key in the boot ROM and signs firmware updates with its private key. The Option ROM over Thunderbolt circumvents this process and writes its own RSA key so that future updates can only be signed by the attacker’s key. The attack also disables the loading of further Option ROMs, closing that window of opportunity.

. September 21, 2015 at 12:39 am

Apple’s iOS App Store suffers first major cyber attack

Apple Inc said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet.

The company disclosed the effort after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds of legitimate apps.

It is the first reported case of large numbers of malicious software programs making their way past Apple’s stringent app review process. Prior to this attack, a total of just five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc.

The hackers embedded the malicious code in these apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple’s software for creating iOS and Mac apps, which is known as Xcode, Apple said.

. March 7, 2016 at 5:34 pm

New ransomware targets Apple Mac computers for 1st time

KeRanger malware infected the popular Transmission software during a cyberattack on the software’s developer

. July 2, 2020 at 9:12 pm

New Mac Ransomware Is Even More Sinister Than It Appears

The threat of ransomware may seem ubiquitous, but there haven’t been too many strains tailored specifically to infect Apple’s Mac computers since the first full-fledged Mac ransomware surfaced only four years ago. So when Dinesh Devadoss, a malware researcher at the firm K7 Lab, published findings on Tuesday about a new example of Mac ransomware, that fact alone was significant. It turns out, though, that the malware, which researchers are now calling ThiefQuest, gets more interesting from there. In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or “second stage,” attacks. Given that ransomware is so rare on Macs to begin with, this one-two punch is especially noteworthy.
