The Mac Security Blog
Yet another critical flaw has been found in Adobe’s Flash Player. According to the company’s security advisory, Adobe Flash Player 10.0.12.36 and earlier on all platforms are affected by a vulnerability “could allow an attacker who successfully exploits this potential vulnerability to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit this potential vulnerability.” Adobe notes that, “Additional vulnerabilities have been addressed in this update,” yet they give no information about these other flaws.
Adobe recommends that all users of Adobe Flash Player 10.0.12.36 and earlier upgrade to the newest version, 10.0.22.87, by downloading it from the Player Download Center. If you’re unsure of which version you have, you can find out by accessing this page.
Microsoft has issued a security advisory about an Excel vulnerability that affects both Mac and Windows versions of the popular spreadsheet program. The vulnerability “could allow remote code execution if a user opens a specially crafted Excel file.” Microsoft is “aware only of limited and targeted attacks that attempt to use this vulnerability,” but that means that attacks are occurring in the wild. Microsoft notes, “An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.”
This vulnerability affects both Excel 2004 and 2008, as well as a number of Windows versions of the program. For now, the safest action to take is to not open Excel documents from unknown sources. Stay tuned for more information when Microsoft issues a security update to fix this problem.
We recently reported on a vulnerability in Adobe Acrobat, which, while Adobe affects all platforms, Intego researchers found does not affect the Mac. However, our researchers have found that the exploit used to take advantage of the Acrobat vulnerability does indeed affect Apple’s Preview (at least the 10.5 version), as well as other programs that use Preview’s framework to display PDFs, such as Safari, Mail, or even the Finder if a user tries to view a PDF file with this exploit in QuickLook. For now, this is just a proof-of-concept vulnerability, and no code has been found in the wild that attempts to exploit this flaw. But given the widespread presence of PDFs on the Internet, any such bug has serious consequences.
Secunia is reporting that they have created an exploit that does not use JavaScript, which many sources said was needed for this vulnerability to be exploited. This is undoubtedly similar to that which our researchers have discovered, which affects Preview; the Apple program does not support JavaScript.
About a month ago, we reported that, “a security researcher has found a new way to attack Macs by injecting hostile code directly into memory, rather than by installing files that leave traces.” The researcher, Italian student Vincenzo Iozzo, has presented this vulnerability at the Black Hat conference. (You can see a PDF of his presentation here.)
It is important to note that such attacks cannot, currently, obtain administrator privileges, and can therefore only affect a user’s files (though if it deletes files, that could be annoying enough for anyone who does not perform regular backups). But it may allow the recording of keystrokes, including passwords, that could be sent to a remote server. The attack currently requires exploiting vulnerabilities in Safari, which is fast becoming one of the weak points of Mac OS X.
Adobe has found a critical vulnerability in its PDF reader software, Acrobat Pro and Acrobat Reader, that affects all versions of the software on all platforms, including Mac OS X. This vulnerability “could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.”
With PDFs all over the place, no one thinks twice about downloading a PDF and viewing its contents. Adobe, in their advisory, says a patch for their software will not be ready until March 11, so in the meantime, if you use Adobe Reader to view PDFs, it would be a good idea to change your habits and use Preview, which, for many users, is faster and more efficient.
However, after further analysis, our security researchers have determined that, while the vulnerability in question exists in the Mac versions of Adobe Reader, the current exploits that are circulating do not affect the Mac.
We often remind you how important it is to back up your files, and recommend that you use Personal Backup X5 for all your backup needs: regular backups, clones of your startup volume, synchronization of folders and volumes, and more. If you don’t back up your files, you may lose your personal documents, some of which are replaceable, but what happens when you lose all your kids’ pictures? You can never replace them. Or that music you bought from iTunes or Amazon? Unless you have backups, you’ll need to pay for it again.
But backing up, as the title of this article suggests, is only half the job. Let’s say a disaster happens: you look for a file or folder on your Mac, and it’s gone. No problem! Since you’ve been diligently running backups, you have a copy. if you lose some files, you want to be able to restore them quickly, and get them back in the right place (or not). With Personal Backup X5, you can choose which of your files you restore; you don’t need to restore an entire backup.
If you’ve just lost a file or folder, this means you can get them back quickly. Also, you have two options for the restoration location: you can restore the files to their original locations, or you can restore to a different location, to avoid overwriting existing files. (This is useful if you’ve lost some files in a folder, but want to check each file rather than simply replace the folder, to make sure that any newer files are retained.) You can use Personal Backup X5′s Restore function to restore files from backups to any location: an external disc, a server, or an optical disc.
You can find individual files or folders by either searching manually in the tree structure, or by using the search box; enter a text to whittle down the contents of your backup and find that file that went missing.
Make sure you back up regularly, but make sure that your back up your files with a tool that can help you restore your backups when you need them.