Mac users face rare virus

TalkBack 16 of 29:

Next »

« Previous

• Thread View
• Flat View

Mac and Security - it's not so bad as Windows, but ...

Mac Security News:

5.21.2004 News
Advisory Update Apple has released a security update to address the URI issue with the web browser. The Apple security update can be obtained through Mac OS X Software Update panel.

Mac OS X URI handler allows for arbitrary code execution. In this advisory it details the seriousness of this apple security issue and how the URI Helpers can be abused to run arbitrary maliciously. It has been reported while using IE and Safari while surfing malicious websites code may execute the browsers helper handler to run arbitrary code.

4.9.2004 News
A Mac OS X proof of concept trojan has been found showing the potential of trojans in Mac OS X. The proof of concept did not harm anything it was dubbed MP3Concept or MP3Virus.gen and added into the anti-virus definitions for future protection of this style. This trojan contains the file extension of .mp3 although it is not, the icon itself is hardcoded into the trojan and not picked up based on file creator associations. The file itself is a Carbon (CFM) application with the file type of APPL. iTunes should not be able to execute a trojan or virus, and this file would only be able to run if double clicked on to execute it. It does have potential for manipulation to cause harm but at its current state did not, it was a benign trojan proof of concept code.

Many news media sources are reporting this finding to be destructive as if it were a trojan or virus to cause harm. Again it was proof of concept showing the ability allowing the anti-virus companies to have a heads up and protect against future manipulations of the code.

12.19.2003 News
Apple released Security Update 2003-12-19 described to offer numerious security updates such as fixes for directory services, fetchmail, fs_usage,rsync, system root via usb keyboard, file server, and a few buffer overflow issues.
http://www.securemac.com/macosx-usbkeyboard-root.php

12.17.2003 News
Apple released 10.3.2 accessable via the software update pane in Mac OS X. The update includes enhancements for FileVault and increased security for the system.

11.26.2003 News
Security Advisory William Carrel's Security Advisory is SERIOUS. Mac OS X is vulnerable to Malicious DHCP responses granting root access to remote users. Full security advisory can be found here: http://www.carrel.org/dhcp-vuln.html

11.10.2003 News
Security Advisory FileVault in Mac OS X 10.3 (Panther) does not securely delete the files it encrypts that can be restored with file recovery software. FileVault Security Advisory - Secure Delete after Encryption.

10.31.2003 News
Security Advisory: Mac OS X 10.2.7 and prior along with a USB Keyboard contain a security vulnerability that allows a user to gain root access to the computer by holding down a two key combination during startup that only. Read about root access via USB Keyboard on Mac OS X.
http://www.securemac.com/macosx-usbkeyboard-root.php

10.28.2003 News
Panther Security Advisory: Mac OS X Panther (10.3) contains a security vulnerability; With access to the keyboard, an unauthorized user can access the currently active screen-locked user environment. Security Advisory - Read full
http://www.securemac.com/macosx-screenlock-bypass.php

10.24.2003 News
Mac OS X 10.3 (A.k.a. Panther) has been released. This new version contains many new security features, fixes and all around new applications for the Mac OS X users. Amoungst the new features is the file security utility FileVault, review to come shortly.

9.17.2003 News
New SSH Exploit (http://www.openssh.com/txt/buffer.adv) affects Mac OS X granting the attacker access to the computer as root. This security issue is vulnerable in OpenSSH version prior to 3.7, and Mac OS X is currently only at OpenSSH 3.4. To protect yourself from being vulnerable to this security risk disable SSH access to your computer by accessing your Sharing Control Pane and make sure that Remote Login is disable. Or setup your firewall to restrict access to the SSH port to only allow trusted connections. We will update this issue when Apple releases a security update.

7.07.2003 News
A security vulnerability in Mac OS X's password protected screensaver has been discovered allowing a user with physical access to bypass the screensaver's authentication scheme without supplying a valid password.
http://www.securemac.com/macosx-screensaver-security.php

5.13.2003 News
Keep your Apple AirPort Administrator Password Safe. An advisory has been released detailing an issue how an anonymous attacker can sniff and obtain the Administrator's password when the administrator logs into the AirPort Base Station to manage while connecting to it via a network or non-WEP enabled wireless connection based on the units method of password authentication. Secure connectivity can be obtained by connecting a computer directly to the computer via a cross-over cable. Full details about the authentication credentials involved with the AirPort can be read in the @Stake advisory - CAN-2003-0270
http://www.atstake.com/research/advisories/2003/a051203-1.txt

4.10.2003 News
Security Update!Mac OS X 10.2.5 has been made available for update! This version fixes a security issue in Apache 2.0 (CAN-2003-0132), File Sharing/Service (CAN-2003-0198), DirectoryService (@STAKE), OpenSSL (CAN-2003-0131), Samba (CAN-2003-0201), and sendmail (CAN-2003-0161). Details as follows:

Directory Services - Mac OS X and Mac OS X Server contains a security hole in DirectoryServices which allows for escalation of privledges and denial of service attack which is fixed with the 10.2.5 update. DirectoryServices is part of the operating systems information services subsystem, and is launched at being setuid as root by default. Credit for this find goes to Dave G. as noted by Apple's security advisory.

OpenSSL - The new version fixes OpenSSL so it is not suspectable to the known Klima-Pokorny-Rosa attack.

sendmail - contained a issue where it did not adequately check the length of email addresses in the address parsing code.

Apache 2.0 - Fixed a known denial of service vulnerability in Apache 2.0 - 2.0.44, the apache 2.0 service is only present in the Mac OS X server.

4.1.2003 News
PGP Corporation has released PGP 8.0.2 for Mac OS X. This is a free update to all the users of PGP 8.0. PGP Enterprise 8.0.2 for Mac OS X introduces PGP Admin for Mac OS X. 8.0.2 also adds OpenPGP security improvements and a new user interface for signature verification.
http://www.pgp.com/products/802.html

3.24.2003 News
Apple has released Security Update 2002-03-24 which is downloadable via Software Update in Mac OS X. This update addresses a few security issues which are vulnerable including Samba's vulnerability of allowing the possibility for an unauthorized remote user to access the system. OpenSSL security fixes are also included in this update, a issue lays within OpenSSL where the RSA private key could be compromised when communicating over certain protocols.

3.04.2003 News
A security vulnerability in SENDMAIL included in Mac OS X has been fixed and addressed in Apple's Software Update. Please update your Mac OS X immediately. ISS warning discusses the issue.
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950

3.03.2003 News
MacScan Public Beta 3 has been released. MacScan runs on both Mac OS Classic and Mac OS X to detect, isolate, and remove spyware. This new version includes bug fixes, new spyware detection and also full administrative scan for Mac OS X.
http://macscan.securemac.com/

2.14.2003 News
Apple has released Mac OS X 10.2.4 which addresses a security issue discovered by @Stake known as the TruBlueEnvironment Privilege Escalation Attack. Clicking the link will take you to a page with information on the subject and the advisory. The security issue exists in Mac OS X system prior to 10.2.4 and allows for local users to gain root privledges.
http://www.securemac.com/TruBlueEnvironment-privilege-escalation-attack.php

1.31.2003 News
Mac OS X Screen Effects' password protection contains a security flaw which allows for a user with physical access to the keyboard to be able to quit or launch programs while being prompted to enter the password. When full Keyboard access is turned on (toggled on/off by pressing shift+f1) the doc can be accessed 'blindly' although you can not see it, the doc is still functioning.

12.20.2002 News
Apple has released Mac OS X 10.2.3 which adds security fixes to the operating system as well as more support and bug fixes. Below outlines the security updates details.

fetchmail updated to version 6.1.2+IMAP-GSS+SSL+INET6
CAN-2002-1383: Multiple Integer Overflows
CAN-2002-1366: /etc/cups/certs/ Race Condition
CAN-2002-1367: Adding Printers with UDP Packets
CAN-2002-1368: Negative Length Memcpy() Calls
CAN-2002-1384: Integer Overflows in pdftops Filter and Xpdf
CAN-2002-1369: Unsafe Strncat Function Call in jobs.c
CAN-2002-1370: Root Certificate Design Flaw
CAN-2002-1371: Zero Width Images in filters/image-gif.c
CAN-2002-1372: File Descriptor Resource Leaks

Apple Software Updates are performed by accessing the Software Update pane located in the system preferences.

12.17.2002 News
Updated MacScan detects, isolates and removes spyware from your Macintosh. SecureMac.com's MacScan is available for immediate download for Mac OS Classic (PPC/68k FAT) and MAC OS X. Visit the link above to learn more about and download MacScan b2. [PRESS RELEASE]
http://macscan.securemac.com/press-release-12-13-2002.html

11.21.2002 News
Mac OS X 10.2.2 is available for download, go to the Software Update Panel and proceed to update. The fix includes a few security related issues as well as many bugs in the system.

The security update addresses, 11-21-2002 fixes a security issue related to BIND (Domain Server and Client Library Software) where a unauthorized person disrupt the normal operation.

9.23.2002 News
Mac OS X 10.2 Security Update - "Terminal This update fixes a security hole introduced in Terminal version 1.3 (v81) that shipped with Mac OS X 10.2 (Jaguar) which could allow an attacker to remotely execute arbitrary commands on the user's system. Terminal is updated to version 1.3.1 (v82) with this Security Update." Updates can be downloaded from the Software Update Pane.

8.8.2002 News
Security Update 2002-08-02 is out and includes the following updated programs offering increased security protecting from recent attacks and holes discovered that effected the components; OpenSSH, OpenSSL, SunRPC, mod_ssl. Download via Apple's OS X Software Update Panel or download from Apple's Web Site
http://docs.info.apple.com/article.html?artnum=120139

7.16.2002 News
Fixed! A security issue dubbed as Mac OS X SoftwareUpdate Security Issue describes how a user could have the SoftwareUpdate Pane install files from an untrusted server by poisoning the DNS in tricking the computer to believe that another IP is Apple's host and install malicious software has been fixed by apple, performing a software update will resolve the issues or visit the depot site.
http://www.securemac.com/macosxphantomupdate.php

6.28.2002 News
Mac OS X users should now perform a system update to install the latest security fixes resolving the issues described below which allowed remote users to attack the system.

6.26.2002 News
Security Alert //fixed! Mac OS X systems with 'allow remote login' enabled in the sharing pane of the system preferences should be disabled until a new release of OpenSSH has been made available from Apple in the security updates.View advisory now a new version of the software is out but not available through the Apple Software Updates. This has been fixed - Update Software in Pane
http://openssh.org/txt/preauth.adv

6.19.2002 News
Security Advisory Cisco VPN Client for Linux, Solaris and Mac OS X contains a security vulnerability, when the exploit is executed the vpnclient grants administrative rights to the local user. More information and fix, update and advisory for the mac os x cisco client.
http://www.securemac.com/cisco-vpn-client-mac-os-x-vulnerability.php

5.13.2002 News
Microsoft Office 98 running on Mac OS 8.1+ is vulnerable to a exploit that allows malicious code to be run. Microsoft has released a patch that fixes all the Office 98 applications (Excel 98, Office 98, PowerPoint 98, and Word 98) more information can be found on their bulletin Off98URLSecurity.
http://www.microsoft.com/security/security_bulletins/ms02019_mac.asp

4.17.2002 News
Mac OS X Update 10.1.4 is now available and includes the following security enhancement for your system:
* BSD-based TCP/IP connections now check and block broadcast or multicast IP destination addresses

The Software Update pane in System Preferences will update the system software with these security fixes and additional updates

4.16.2002 News
Alert! Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute code. Anyone running Internet Explorer and Office for the Macintosh should read the information here.
http://www.securemac.com/microsoftinternalmishandlingsecurity.php

4.05.2002 News
Mac OS X Security update is available for download. To do so open up the Software update in the System Panel and perform the security update or download for Apples web site. This update fixes/upgrades/installs the following:

Apache Mod_SSL - updated to version 2.8.7-1.3.23 to address a buffer overflow vulnerability which could potentially be used to run arbitrary code in conjuction Apache is updated to version 1.3.23.
http://online.securityfocus.com/advisories/3937

groff updated version 1.17.2 to address the vulnerability CVE ID: CAN-2002-0003, where an attacker could gain rights as the 'lp' user remotely.
http://online.securityfocus.com/advisories/3859

mail_cmds is updated to fix a vulnerability where users could be added to the mail group

OpenSSH - updated to version 3.1p1 to address the vulnerability reported in FreeBSD Security Advisory FreeBSD-SA-02:13, where an attacker could influence the contents of the memory.
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc

PHP - updated to version 4.1.2 to address the vulnerability reported in CERT CA-2002-05, which could allow an intruder to execute arbitrary code with the privileges of the web server.
http://www.cert.org/advisories/CA-2002-05.html

rsync - updated to version 2.5.2 addresses a vulnerability which could lead to corruption of the stack and possibly to execution of arbitrary code as the root user. FreeBSD Security Advisory FreeBSD-SA-02:10
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:10.rsync.asc

sudo - updated to version 1.6.5p2 to address the vulnerability reported in FreeBSD Security Advisory FreeBSD-SA-02:06, where a local user may obtain superuser privileges.
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:06.sudo.asc

4.01.2002 News
Protect Your Mac from Hackers and Viruses is a article which informs Macintosh users about security and details the importances of data recovery and loss prevention. Read this article now
http://www.securemac.com/datarecover.php

3.08.2002 News
Mac OS X users running Apache with PHP installed be aware there is a security issue in PHP versions prior to 4.1.2. OpenOSX.com has prepared a 4.1.2 install of PHP for Mac OS X which corrects the security issue.
http://openosx.com/support/index.html

2.18.2002 News
MacAnalysis 2.0b9 for classic and 2.1.4 for OS X has been released. This update for the security auditing tools adds new functionality supporting the airport, adding new exploits to the security sweep, auto updating and content filtering. MacAnalysis is available for Mac OS and Mac OS X
http://www.securemac.com/macanalysis.php

Posted by: Vily Clay   Posted on: 10/25/04 You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
• Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
• Virtualization: Architectural Considerations And Other Evaluation Criteria VMware Of the many approaches to x86 systems virtualization available in the ... Download Now