The Mac Security Blog
Security researcher Nitesh Dhanjani has discovered a way that hackers could trick users into visiting fake websites by hiding their URLs. In a proof of concept example, Dhanjani shows users that a web page can display a graphic of a Safari browser window, showing a fake URL. After this page has loaded, Safari’s address bar disappears, leading users to believe that the URL they see in the graphic of the web page is the correct one. Phishing sites could create “pages” like this easily, leading users to believe that they are on valid web sites, and possibly convincing them to enter personal data such as passwords, credit card numbers or more.
One of the main reasons for this activity is the limited amount of screen space on mobile phones such as the iPhone. Safari scrolls up, hiding the address bar after a page has loaded, so users can see the content of web pages, but this activity can mislead users in cases such as the one demonstrated here.
iPhone users should be especially careful when loading pages for banks, web sites where they make purchases, and others where they enter sensitive information, if they have gotten to those sites by tapping a link. When in doubt, swipe up to see the address bar and check that you’re on the site you think you’re on.
Intego today announced the availability of a new version of Personal Antispam, the company’s intelligent spam filtering program. This release adds compatibility for Microsoft Outlook 2011, the e-mail program included with some versions of Office 2011. Personal Antispam 10.6.5 now provides spam-filtering support for Apple Mail, Microsoft Entourage (v. X, 2004 and 2008) and Microsoft Outlook 2011.
Personal Antispam is sold as part of Internet Security Barrier X6, a powerful security suite which also includes the following programs:
- VirusBarrier X6, which provides protection against malware and network threats
- ContentBarrier, the best parental control and content filtering solution for Mac
- Personal Backup, a powerful tool for backups, synchronizations and clones of startup volumes
- FileGuard, which stores confidential documents in virtual safes
System Requirements
Mac OS X 10.5 or 10.6 (Leopard or Snow Leopard). Runs on Macs with Intel or PowerPC processors. Requires Apple Mail, Microsoft Entourage (v. X, 2004 and 2008) or Microsoft Outlook 2011.
Pricing and Availability
Personal Antispam 10.6.5 is a free upgrade for all registered users of Personal Antispam 10.6 or later. The upgrade is available via Intego NetUpdate.
Internet Security Barrier X6 is available now. Standard licenses protect up to 2 Macs. Also available: 5-Mac family packs and multi-seat licenses.
Also available is Internet Security Barrier X6 Dual Protection, which includes best-of-class Windows software so Mac users running Windows can protect their Mac and their Windows installation.
Apple has release iOS 4.2 for the iPhone, iPad and iPod touch. This update brings a number of new features to iOS devices, and notably adds such features as folders and multi-tasking to the iPad, which had previously been running iOS 3.2.
This update features a number of security fixes, patching 46 vulnerabilities, such as more than a dozen fixes to WebKit, the HTML rendering framework, and a number of fixes to CoreGraphics, FreeType, Mail and Telephony.
This update is available via iTunes when syncing a compatible device. More information about the security fixes is available here.
Just as Apple has released iOS 4.2, the company has also issued an update to the Apple TV software, which includes a number of security fixes. Apple TV 4.1 software fixes 8 vulnerabilities in FreeType and libpng. This update is available from the Apple TV itself. More information is available here.
Apple has released two large security updates to its Safari web browser, with new versions being Safari 5.0.3 and Safari 4.1.3. These updates correct 28 vulnerabilities with WebKit, the HTML page rendering framework used by Safari, and by other programs on Mac OS X. As Apple says:
Safari 5.0.3 and Safari 4.1.3 address the same set of security issues. Safari 5.0.3 is provided for Mac OS X v10.5, Mac OS X v10.6, and Windows systems. Safari 4.1.3 is provided for Mac OS X v10.4 systems.
Users can download these updates using Software Update, or from the Safari download page. Full information about the security fixes in the update is available here.
Adobe has released security updates for its Reader software, for Windows, Mac OS X and UNIX, and for Acrobat for Windows and Mac OS X. According to the company’s security bulletin, these updates correct “vulnerabilities [that] could cause the application to crash and potentially allow an attacker to take control of the affected system.” This update also incorporates fixes provided in the last Flash Player update.
These vulnerabilities affect Adobe Reader and Acrobat 9.4 and earlier. Mac users can download the latest versions of the program here, or use Adobe’s Updater tool to update their software.