I usually refrain from posting “theoretical” OS X exploits since they rarely pose any real threat to Mac users. However, several sources are now reporting multiple Mac Trojan horses in the wild. These Trojans exploit a root vulnerability in Apple Remote Desktop Agent in Mac OS X 10.4 and 10.5.

This exploit has been rated as “critical”, but it does require that a user download and open the Trojan file.

Pay attention, folks. We knew that Macs would come more and more into hackers' focus as market share grew.

See more information at the SecureMac site.


Apple announced OS X 10.6, named Snow Leopard, as more of a performance release than a feature release.

Some of the announced changes include a smaller footprint (giving back some hard drive space), Microsoft Exchange support, extended 64-bit support allowing a theoretical 16TB of RAM, better use of multicore processors through the "Grand Central" technology, and QuickTime X, which includes optimized support for the latest codecs.

It’s not known yet whether Snow Leopard is the beginning of dropped support for PowerPC by Apple. Several developers are reporting that their developer preview copy runs only on Intel machines.

The rumors are that this will be a free upgrade, but that hasn’t been announced yet.


Apple just released a big old pile of patches for the security-burdened Leopard and Tiger operating systems. Among the addressed problems:


  • Address Book
    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • CFNetwork
    Impact: Visiting a malicious website could allow the automatic download of files to arbitrary folders to which the user has write permission
  • Core Foundation
    Impact: Usage of CFURLWriteDataAndPropertiesToResource API may lead to the disclosure of sensitive information
  • Desktop Services
    Impact: Opening a directory containing a maliciously-crafted .DS_Store file in Finder may lead to arbitrary code execution
  • Flash Player Plug-in
    Description: Adobe Flash Player is updated to version 9.0.115.0 to address CVE-2007-5476.
    Further information is available via the Adobe site at http://www.adobe.com/support/security/advisories/apsa07-05.html
    Credit to Opera
  • GNU Tar
    Impact: Extracting a maliciously crafted tar archive could overwrite arbitrary files
  • iChat
    Impact: A person on the local network may initiate a video connection without the user’s approval
  • IO Storage Family
    Impact: Opening a maliciously crafted disk image may lead to an unexpected system shutdown or arbitrary code execution
  • Launch Services
    Impact: Opening a maliciously crafted HTML file may lead to information disclosure or cross-site scripting
    Impact: Opening an executable mail attachment may lead to arbitrary code execution with no warning
  • Mail
    Impact: SMTP accounts set up through Account Assistant may use plaintext authentication even when MD5 Challenge-Response authentication is available
  • Quick Look
    Impact: Previewing a file with QuickLook enabled may lead to the disclosure of sensitive information
    Impact: Previewing a movie file may access URLs contained in the movie
  • Safari
    Impact: Visiting a malicious website may result in the disclosure of sensitive information
  • Safari RSS
    Impact: Accessing a maliciously crafted feed: URL may lead to an application termination or arbitrary code execution
  • Samba
    Impact: Multiple vulnerabilities in Samba
  • Shockwave Plug-in
    Impact: Opening maliciously crafted Shockwave content may lead to arbitrary code execution
  • SMB
    Impact: A local user may be able to execute arbitrary code with system privileges
  • Software Update
    Impact: A man-in-the-middle attack could cause Software Update to execute arbitrary commands
  • Spin Tracer
    Impact: A local user may be able to execute arbitrary code with system privileges
  • Spotlight
    Impact: Downloading a maliciously crafted .xls file may lead to an unexpected application termination or arbitrary code execution

Get a look at Apple’s full descriptions of issues and fixes at their site: Security Update 2007-009
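The GNU Tar item above names the archive path-traversal class: a member whose name climbs out of the extraction directory with "..", a member whose name starts with "/", or a symlink the archive itself creates and then writes through all let extraction land files anywhere the extracting user can write. As an added example (not from Apple's advisory, GNU Tar, or this page), the Python below builds a constructed archive containing those entries in memory and lists the members a pre-extraction check would reject. The destination "/tmp/extract" is an assumed path for illustration and does not need to exist.

```python
import io
import os
import tarfile


def _inside(path: str, root: str) -> bool:
    """True if the absolute path lies at or below root."""
    return os.path.commonpath([path, root]) == root


def unsafe_members(tar: tarfile.TarFile, dest: str):
    """Return (member name, reason) for each entry that would write outside dest.

    Checks, in archive order:
      * names that are absolute or climb out of dest via '..'
      * writes whose path passes through a symlink the same archive created earlier
      * symlinks and hard links whose target lies outside dest
    """
    dest = os.path.realpath(dest)
    archive_symlinks = set()  # normalised names of symlinks seen so far
    findings = []
    for m in tar.getmembers():
        target = os.path.realpath(os.path.join(dest, m.name))
        if os.path.isabs(m.name) or not _inside(target, dest):
            findings.append((m.name, "path escapes extraction directory"))
            continue
        parts = os.path.normpath(m.name).split(os.sep)
        if any(os.sep.join(parts[:i]) in archive_symlinks for i in range(1, len(parts))):
            findings.append((m.name, "written through an archive-created symlink"))
            continue
        if m.issym():
            archive_symlinks.add(os.path.normpath(m.name))
            if os.path.isabs(m.linkname):
                resolved = os.path.realpath(m.linkname)
            else:  # relative symlink targets resolve from the member's own directory
                resolved = os.path.realpath(os.path.join(os.path.dirname(target), m.linkname))
            if not _inside(resolved, dest):
                findings.append((m.name, "symlink target %s escapes extraction directory" % m.linkname))
        elif m.islnk():
            # hard-link targets are archive-relative, not member-relative
            resolved = os.path.realpath(os.path.join(dest, m.linkname))
            if not _inside(resolved, dest):
                findings.append((m.name, "hard-link target %s escapes extraction directory" % m.linkname))
    return findings


def scan_archive(data: bytes, dest: str):
    """Open an in-memory tar archive and run the check against dest."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        return unsafe_members(tar, dest)


def build_sample_archive() -> bytes:
    """Constructed sample archive: one benign file plus four hostile entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name, data=b"x\n"):
            ti = tarfile.TarInfo(name)
            ti.size = len(data)
            tar.addfile(ti, io.BytesIO(data))

        def add_symlink(name, linkname):
            ti = tarfile.TarInfo(name)
            ti.type = tarfile.SYMTYPE
            ti.linkname = linkname
            tar.addfile(ti)

        add_file("pkg/README")                    # benign
        add_file("../../.ssh/authorized_keys")    # climbs out with '..'
        add_file("/etc/cron.d/evil")              # absolute path
        add_symlink("pkg/home", "/Users")         # symlink pointing outside dest
        add_file("pkg/home/victim/.profile")      # write through that symlink
    return buf.getvalue()


if __name__ == "__main__":
    # "/tmp/extract" is an assumed destination; nothing is written to disk
    for name, why in scan_archive(build_sample_archive(), "/tmp/extract"):
        print("REJECT %-32s %s" % (name, why))
```

The write-through check is the one most ad hoc scanners miss: checking each member's name in isolation passes "pkg/home/victim/.profile", because the symlink it traverses does not exist on disk until the archive itself creates it.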


The QuickTime vulnerability originally reported on November 15 seems to have been spotted in the wild. This is not good news.

Apple's decision to change the firewall defaults in Leopard has already provoked serious questions about the security of the new OS, and this latest issue puts a spotlight on what may become a real thorn in Apple's side.

This from Symantec:

Originally, the flaw was disclosed on November 23, 2007 by Polish security researcher Krystian Kloskowski, and since then we have seen a number of exploits targeting the vulnerability being released to the public. But now the exploit is active and in the wild, meaning web surfers are in danger of being attacked. Our current analysis is also leading us to believe that there may be multiple attacks in existence. Further investigation is currently under way to confirm this.

Let me briefly explain what we have seen. The attack we have confirmed today begins with the popular IFRAME. IFRAME code that causes the browser to make an additional request to another URL is embedded in a porn site. Without their knowledge, users visiting this site are redirected to the malicious site serving the exploit. Currently, the malware that is downloaded by the exploit is detected by Symantec as Downloader. We are still studying the attack in depth, so look out for more information at a later time.

Since a patch to correct the issue has yet to be released, we advise users to be cautious when browsing the web. For those of you seeking extra protection, we also recommend the following options:

- Run web browsers at the highest security settings possible
- Disable Apple QuickTime as a registered RTSP protocol handler.
- Filter outgoing activity over common RTSP ports, including TCP port 554 and UDP ports 6970-6999.
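The attack chain Symantec describes above starts with an IFRAME on an otherwise ordinary page that silently loads the exploit site. As an added example, not Symantec's or this page's code, here is a Python audit that walks a page's iframes and reports the ones a visitor would never see (zero-size or hidden by CSS), noting whether each points at a third-party host. The sample page, its URL and the host names in it are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# CSS fragments that make a frame invisible or push it off-screen
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}px",
    re.IGNORECASE,
)


def _tiny(value):
    """True for a width/height attribute of at most one pixel."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return m is not None and int(m.group(1)) <= 1


class HiddenIframeAuditor(HTMLParser):
    """Collects iframes a visitor cannot see, with the origin they load from."""

    def __init__(self, page_url):
        super().__init__()
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("zero/one-pixel size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by CSS")
        if not reasons:
            return  # a visible frame (e.g. an ad banner) is not reported
        src = a.get("src", "")
        host = urlparse(src).hostname
        if host and host != self.page_host:
            origin = "third-party host %s" % host
        else:
            origin = "same-origin"
        self.findings.append((src, reasons, origin))


def audit_page(html, page_url):
    """Return (src, reasons, origin) for every hidden iframe in the page."""
    p = HiddenIframeAuditor(page_url)
    p.feed(html)
    p.close()
    return p.findings


# Constructed sample page: one visible ad frame and three hidden frames
SAMPLE_URL = "http://videos.example.com/gallery"
SAMPLE_PAGE = """
<html><body>
<h1>Gallery</h1>
<iframe src="https://ads.example.net/banner" width="468" height="60"></iframe>
<iframe src="http://exploit.example.org/rtsp.html" width="0" height="0" frameborder="0"></iframe>
<iframe src="/player.html" style="position:absolute; left:-5000px"></iframe>
<iframe src="http://exploit.example.org/qt.html" style="display:none"></iframe>
</body></html>
"""


if __name__ == "__main__":
    for src, reasons, origin in audit_page(SAMPLE_PAGE, SAMPLE_URL):
        print("HIDDEN IFRAME %-40s %s (%s)" % (src, ", ".join(reasons), origin))
```

Hidden same-origin frames are still reported because a compromised site can host the redirector itself; the origin note simply tells the analyst which case they are looking at.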


The casual user of Apple's new operating system, Leopard, may not be aware that, unlike in Tiger, the firewall is off by default. To turn it on, you'll need to go to System Preferences/Security/Firewall tab.

[Screenshot: firewall.png]

This is a new interface that lets you specify firewall blocking per application rather than per port or service, as Tiger did. There have been several reports that Leopard's firewall does not behave like Tiger's: in some cases it appears not to block services that the settings indicate should be blocked.

Stay tuned for ongoing information regarding Leopard’s firewall issues, including some other security issues arising from Leopard’s Screen Sharing capabilities.

© 2010 Mac Sage