Back in January, we wrote about a scareware program targeting Mac OS X. The “rogue tool”, Macsweeper, claimed that “The imbibed set of features locates all the junk and useless data on your computer and deletes them to reclaim the wasted space.” Aside from the questionable English in that description, the program was not only a rip-off but also dangerous: while it may have cleaned out some files such as caches, it also deleted more important files, without users even knowing what had been removed.
Another program, called iMunizator, has now been spotted, and it is nothing more than the same program (with exactly the same interface, features and code) under a new name. The program’s website (which we will not link to) has the same layout and the same description as Macsweeper. Needless to say, there must be some gullible people ready to pay $30 for this program, even though it is a scam and is dangerous.
VirusBarrier X5, in its virus definitions dated March 27, 2008, blocks this program (which we have called OSX.AngeloScan), so even if you accidentally get a copy of it and try to run it, you will be alerted that the program is dangerous.

An article in Processor Magazine takes a close look at the risks of using Macs in enterprise environments, and how to protect them against viruses and malware. Mentioning Intego’s software, the article looks at the need to protect not only Macs, but also Windows computers on a corporate network that may be infected by Macs passing on dangerous files unwittingly.
The article says, “According to research firm Gartner, Macs made up 8.1% of PC market share for the third quarter last year, something that seemed unthinkable only five years ago. However, increased market share, along with Apple’s switch to Intel, has brought something less palatable with it, and that something is malware.”
As we know, that market share is growing, and more and more businesses that were previously Windows-only are adding Macs to their stables of computers; they need full protection from viruses, malware and hackers.

We reported yesterday on the PWN 2 OWN hacking contest held at the CanSecWest security conference, where there was to be a showdown with a MacBook Air facing a Windows computer and a Linux computer. Well, the dust has settled, and the Mac is the winner – well, the loser. The Mac was hacked in a mere two minutes by security researcher Charlie Miller, who directed the organizers to visit a web site that contained his exploit code. To be fair, none of the computers were breached on the first day, when hackers could only access the computers over a network, but once the organizers relaxed the rules to allow the computers to have access to the web or to e-mail, the Mac fell quickly.
According to Macworld reports, “Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible, or possibly inside, Apple’s Safari browser.” But Miller is not allowed to discuss the vulnerability until the contest organizers can notify the vendor. One of the judges said that Apple was already hard at work patching the flaw.
What this shows is that there are people who are aware of serious vulnerabilities in Mac OS X, but who don’t tell Apple right away. Security researcher Charlie Miller apparently had one up his sleeve, and saved it for the contest, rather than spill the beans to Apple. But if security researchers know of flaws, it is certain that malicious hackers know of them as well.
The Windows and Linux computers are still waiting to be breached…

The 2008 CanSecWest security conference is featuring a hacking contest. Three computers will vie for the glory of being the first (or last) to be hacked: a MacBook Air, a Fujitsu laptop running Windows Vista Ultimate SP1, and a Sony Vaio running Ubuntu Linux.
As the web site says:
“Three targets, all patched. All in typical client configurations with typical user configurations. You hack it, you get to keep it. Each has a file on them and it contains the instructions and how to claim the prize.”
Hackers will try to grab the golden ring, and show which of these three systems is the most hackable (or the easiest to crack).
We’ll follow up when the winner is announced, if there is one.

We recently reported on Apple’s 2008-002 security update, the one with dozens of patches. Well, Cupertino had a slight problem, and released an update to the update: Security Update 2008-002 v1.1. This large update fixes just one tiny problem with Aperture:
“Security Update 2008-002 v1.1 addresses reliability issues with the “Printer Settings…” button in Aperture 2.0 on systems running Mac OS X v10.5.2. No applications other than Aperture 2.0 are affected.”
So you don’t need to install this update if you don’t use Apple’s Aperture. If you do, you’ll need to download and install the entire update, which is 50 MB for Mac OS X Leopard, and 108 MB for Mac OS X Leopard Server.

The Mozilla Foundation has released a new update to Firefox for Mac OS X. Version 2.0.0.13 contains a half-dozen security fixes, two of them for critical vulnerabilities, as well as some other bug fixes. You can download the latest version of Firefox here.