Security

It’s like Apple is slowly evolving into Microsoft on the carelessness level! Yes, I get it, Java is not seen as one of the most awesome things to have displayed in a Web browser. But it should be noted that it is still commonly used regardless and keeping things up to date is critical.
Sadly, it [...]

In general, I like to think that most people know not to download everything that they are told to without at least giving it some thought before doing so. This being said, if this was the case with everyone, then news stories about malware such as the OSX.RSPlug variant would not be a big concern. [...]

What you’re looking at (jump here to see), if you’re running OS X Tiger with an iSight camera (or any other connected Web cam) is a live image of yourself. A simple little plug-in for QuickTime and a single line of code in a Web page and there you have it. Freaky. [...]

Baseline is stating the obvious in its latest article of warning: unpatched old software is a security hazard to your computer. Windows or Mac or Linux or any other operating system. Security updates are released for the sole reason of patching holes that open your computer to vulnerabilities. Yet many won’t update [...]

First we had the new ads where Apple explicitly said that viruses and worms are not an issue when you use OS X.
Today I got pointed to an article where Apple makes some firm statements regarding the security within OS X.
This is remarkable because Apple never talked about security before. This could have [...]

Mac users were hit with a virus last February called Leap.A, aka Oompa Loompa, that was accompanied with some fan fare. Even though Apple claimed it wasn’t a virus, it still released a patch to insure other smart kiddies didn’t ride the iChat vulnerability further. Truth was, it was a bit virus, a [...]

The rumor is that Apple is patching, for the second time, the previous patch. This because the first previous patch contained flaws! This is nothing like we are used to with Apple…
But then again, even Apple employees can make mistakes.
In the latest patch (Security Update 2006-002 v1.1), the following issues where addressed:

apache_mod_php
CoreTypes, LaunchServices
Mail
rsync
Safari
These updates are [...]

Critical: Extremely critical
Impact: Security Bypass, System access
Where: From remote
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) Under certain circumstances, it is possible for JavaScript to bypass the same-origin policy via specially crafted archives.
2) A boundary error in Mail can be exploited to cause a buffer overflow via a specially [...]

Like most Mac freaks will know by now, there is a story going around that a Mac mini was hacked within 30 minutes of its connection to the Internet. This was some kind of strange contest that was going around. The guy that hacked this box said that: Mac OS X was “easy pickings” due [...]

Looks like there’s a big security hole in Safari (as well as Firefox) that takes advantage of the “open safe files” feature. From 4null4.de:
If this facility runs across a shell script that is missing the so-called Shebang-row, the system won’t ask the user whether to execute the file automatically anymore - it’ll just execute [...]

Yes, there is some nasty news from the malicious code front. This time it’s not, like always, on the PC, but on our beloved Macs! This was something waiting to happen, though; the popularity is rising and so is the threat of viruses and Trojans.
The site Mac Rumors reported the following:
On the evening of [...]

According to the security expert Neal Archibald, OS X is insecure. He states that there are many old leaks which are solved for years in other operating systems. The only thing that’s keeping these leaks from popping up is the low market share. He says that, unless Apple is addressing these issues, the security future [...]

Bill Brenner writes on SearchSecurity.com,
Apple Computer Inc. released a bushel of patches for Mac OS X Tuesday, fixing 13 flaws attackers could exploit to bypass security restrictions, gain unauthorized system access, compromise sensitive data and launch malicious code.
Cupertino, Calif.-based AV giant Symantec Corp. sent customers of its DeepSight Threat Management System an e-mail bulletin Tuesday, [...]

Secunia Advisory: SA17368
Critical: Less critical
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information
Where: Local system
Solution Status: Vendor Patch
OS: Apple Macintosh OS X
Apple has issued an update for Mac OS X. This fixes some vulnerabilities and a security issue, which can be exploited by malicious, local users to bypass certain security restrictions or to [...]

“Secunia Advisory: SA16920
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, Privilege escalation, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X

“Secunia Advisory: SA16449
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Apple has issued a security update for Mac OS X, which fixes more
than 40 vulnerabilities….
Solution: Apply Security Update 2005-007.
Mac OS X 10.3.9 Client:
http://www.apple.com/support/downloads/securityupdate2005007macosx1039client.html
Mac OS X 10.3.9 Server:
http://www.apple.com/support/downloads/securityupdate2005007macosx1039server.html
Mac OS X 10.4.2 [...]

“Secunia Advisory: SA15481
Critical: Highly critical
Impact: Unknown, Security Bypass, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X
Apple has issued a security update for Mac OS X, which fixes various vulnerabilities….

Secunia Advisory: SA14974
Critical: Moderately critical
Impact: Security Bypass, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X
Software: Safari 1.x
Apple has issued an update for Mac OS X, which fixes various vulnerabilities….

“Secunia Advisory: SA14873
Critical: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: Camino 0.x
A vulnerability has been discovered in Camino, which can be exploited by malicious people to gain knowledge of potentially sensitive information.
For more information:
SA14820
The vulnerability has been confirmed in version 0.8.3. Other versions may also be affected.
Solution: Disable JavaScript [...]

Secunia Advisory: SA14346
Apple has acknowledged a vulnerability in Java for Mac OS X, which can be exploited by malicious people to compromise a user’s system.
For more information:
SA13271
NOTE: This does not affect releases prior to Java 1.4.2 on Mac OS X.