Posted on June 17th, 2007 by Juha-Matti
Filed under: Apple, Commentary, Web | 2 Comments »
The recent Safari update version 3.0.1 includes fixes for the following issues in Beta release:
Protocol Handler issue reported by Thor Larholm, CVE-2007-3186
DoS-type race condition issue reported by Aviv Raff, CVE-2007-3185
HTML handling issue reported by David Maynor, CVE-2007-2391
It did not take many days to release a fixed version, but there are many other vulnerabilities reported in Safari 3.0 Beta (for Windows and OS X) too.
But the download link of Safari 3.0.1 Public Beta is
Posted on March 14th, 2007 by noam
Filed under: Apple, Commentary | No Comments »
Apple has released a “megapatch” that plugs 45 different security holes. These security holes range from vulnerabilities in Apple’s image viewing programs, vulnerabilities in the kernel, vulnerabilities in MySQL server and vulnerabilities in their AppleTalk network protocol to vulnerabilities in OpenSSH.
More details can be found here.
Posted on February 15th, 2007 by Juha-Matti
Filed under: Apple, Commentary, Corporate Security, Web | No Comments »
Apple has released fixes for four vulnerabilities reported by Month of Apple Bugs (aka MoAB) in January.
The issues are a buffer overflow in Finder when handling volume names, a null pointer dereference in iChat’s Bonjour when handling drafted messages, a format string vulnerability in iChat (related to the AIM URL handler) and the problem “UserNotificationCenter process running with elevated privileges in the context of a local user”.
Link to the advisory here:
Posted on January 23rd, 2007 by Juha-Matti
Filed under: Apple, Commentary, Full Disclosure, Web | 3 Comments »
Apple has released a fix for QuickTime rtsp:// URL Handler Stack-based Buffer Overflow – aka MOAB-01-01-2007.
There are no other fixes included in Security Update 2007-001; link here:
As we can see, ‘MOAB-01-01-2007’ was disclosed on 1st Jan as the very first Month of Apple Bugs advisory.
It is worth noticing that Windows versions 126.96.36.199 and below are affected too.
Posted on December 5th, 2006 by Juha-Matti
Filed under: Apple, Commentary, Web | 1 Comment »
There have been some erroneous forum discussions that Apple’s Security Update 2006-007 released last week will block the Mac ad/spyware iAdware (or OSX/Cosmac).
The update – and the Install component – doesn’t prevent iAdware from working.
The PoC was originally listed here:
-> Advisory #44, “Macrocosm.tar.gz – ‘Macrocosm (detected as OSX.PopUp.gen”
KF has posted the answer to the Bugtraq list too.
Posted on November 28th, 2006 by xyberpix
Filed under: Apple, Commentary | 3 Comments »
Well, I know that this is a bit of a shameless plug, but I also think that it’ll help out anyone who is tasked with securing OS X in any way or form. I’ve just finished working with a bunch of guys on putting this checklist together for the SANS S.C.O.R.E section on their website, so take a look and I hope it helps someone out. It covers all the basic parts of securing OS X, and is more than sufficient to get a lot of people started, and to end up with a much more secure OS X installation.
Any comments highly appreciated.
Posted on November 3rd, 2006 by Juha-Matti
Filed under: Apple, Commentary, Virus, Web | 5 Comments »
The fact is that malware for Mac systems does not often become public.
There is new information available about a Proof of Concept virus for Macintosh systems. From the new writeup:
Infects other files when they are executed in the current directory, regardless of file name or extension.
Additionally, the known infection length is 528 bytes, according to the Symantec writeup.
The name of this new virus is OSX.Macarena.
Update: The following blog entry of Ryan Russell has a coverage list of recent Mac malware.
Posted on November 1st, 2006 by SecuriTeam
Filed under: Apple, Commentary, Corporate Security, Full Disclosure | 4 Comments »
from hd moore at metasploit, the apple airport 802.11 exploit, which has just appeared on the month of kernel bugs site:
apple airport 802.11 probe response kernel memory corruption
Posted on September 21st, 2006 by Juha-Matti
Filed under: Apple, Commentary, Web | 1 Comment »
It happened recently today. From the Apple Product Security mailing list:
APPLE-SA-2006-09-21 AirPort Update 2006-001 and
Security Update 2006-005
The security fixes described below are available in AirPort Update
2006-001 and Security Update 2006-005. AirPort Update 2006-001
contains an additional non-security fix to address a reliability
issue that occurs on a limited number of MacBook Pro systems.
AirPort version 4.2:
About the security content of AirPort Update 2006-001 and Security Update 2006-005:
Posted on July 28th, 2006 by Juha-Matti
Filed under: Apple, Commentary, Web | 3 Comments »
Zone-H lists the following NASA Web sites defaced today:
See mirror at zone-h.org/index2.php?option=com_mirrorwrp&Itemid=44&id=4402740
See mirror and details at zone-h.org/index2.php?option=com_mirrorwrp&Itemid=44&id=4402742
Zone-H.org archive lists these as mass defacements of Byond Hackers Team.
WHOIS results for 188.8.131.52 are the following:
OrgName: National Aeronautics and Space Administration
Address: IS05/Office of the Chief Information Officer
NetRange: 184.108.40.206 – 220.127.116.11
They have a separate “Cyberwar: the beginning” posting too:
Posted on May 12th, 2006 by Juha-Matti
Filed under: Apple, Commentary | 5 Comments »
The third ’06 security update for Mac OS X has been released.
This update fixes 25 separate vulnerabilities, including several issues related to zipped files and image files reported by Tom Ferris too.
The original security advisory from Apple is located at
Exploitation of many issues may lead to arbitrary code execution.
Security Update 2006-001 – 15 issues
Security Update 2006-002 – 3 issues
Security Update 2006-003 – 25 issues
From the SANS Top 20 Spring Update:
2006 Spring Update on SANS Top 20 Internet Security Vulnerabilities Shows Marked Increase in Zero-Day Attacks and Growth in Attacks on Apple OS/X
It’s time to visit Apple Downloads site or use your Software Update feature.
UPDATE: I forgot to include a link to McAfee’s new white paper The New Apple of Malware’s Eye: Is Mac OS X the Next Windows? [PDF document, 6 p.]
UPDATE #2: According to Ferris’s new posting, ‘All of the Safari flaws within the Apple OS X Safari 2.0.3 Multiple Vulnerabilities advisory are still unpatched’. Additionally, ‘The core issue “ReadBMP ()” .bmp Heap Overflow has not been fixed’.
Posted on April 21st, 2006 by Juha-Matti
Filed under: Apple, Commentary, Full Disclosure | 1 Comment »
Fixing security vulnerabilities silently is possible at Apple Computer too, says security researcher Tom Ferris when releasing information about several unpatched OS X flaws at his Web site.
This issue was silently fixed by Apple in update 10.4.6.
says Mr. Ferris while disclosing details about the Apple OS X 10.4.5 .tiff “LZWDecodeVector ()” Heap Overflow issue in the ‘sp-x2’ advisory.
Marc Bevand recently started the thread “Microsoft silently fixes security vulnerabilities” at Dailydave.
Posted on March 6th, 2006 by Lev
Filed under: Apple, Commentary | 4 Comments »
On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer’s security and gain root control… – writes ZDNet
“This sucks. Six hours later this poor little Mac was owned and this page got defaced. Good thing is it didn’t get rm’d!”
Posted on February 26th, 2006 by David Harley
Filed under: Apple, Commentary, Culture, Virus | 6 Comments »
It’s old news that Sophos briefly took their corporate eye off the ball and released an IDE (virus identity file) that incorrectly detected Inqtana.B in some application files on OS X Macs. While the incident seriously inconvenienced some users and sites by necessitating reinstallation of some misdiagnosed programs, the vendor did replace the offending file very quickly, apologised, and put in place measures to avoid a recurrence.
Worryingly, however, some have seen this incident as an argument for jettisoning commercial anti-virus in favour of an open source solution. Is there a place for volunteer AV in the workplace, though? As a supplement, sure, as long as the organization and the end-user realise the limitations of the genre. I don’t doubt the motives of the public-spirited purveyors of AV freeware. The AV commercial vendors are not whiter than white, and of course they have a commercial agenda, but they have to meet standards of functionality and support in order to stay in the market place. Perhaps now, when malware authors seem to have rediscovered the Mac platform, is not the best time to put all your worm-free Apples in one basket, or entrust the corporate crown jewels to software that doesn’t detect all known malware on that platform, offers no guarantees of freedom from future FPs, and doesn’t offer professional levels of service and technical support?
Posted on February 24th, 2006 by Juha-Matti
Filed under: Apple, Commentary | No Comments »
According to a new RealTechNews article
“… today a hacker named Maxxuss released a patch which updates MacOS to 10.4.5 and enables it to run on non-Apple Intel-based PCs.”
This hasn’t been covered in the news at all, in fact.
The article links to the Maxxuss Release Announcements page, which has ‘Last Updated: 23-Feb-2006’ information, in fact.
The weblog of Maxxuss, announcing ‘non-official information on Mac OS X for the x86 platform’, is located at maxxuss.theblog.cc.
This was only a week after news about a poem, Don’t-Steal-Mac-OS-X, embedded into OS X.
Posted on February 21st, 2006 by xyberpix
Filed under: Apple, Commentary, Virus | 1 Comment »
What the hell is this, let’s target OS X week? This is directly from the guys over at F-Secure labs: they’ve just found 2 more variants of the OS X worm Inqtana.A; the variants are named Inqtana.B and Inqtana.C. The only difference is the way that the worm will start on the infected machine once the user has accepted the OBEX transfer.
More details on this can be found on the F-Secure blog
Guess this means that OS X is finally being taken seriously out there, and about time too.
What are everyone’s thoughts on all the OS X action we’ve been seeing lately?