The Mac Security Blog
As Americans enjoy their long Thanksgiving weekend, malware writers are thankful for only one thing: more and more Mac users are getting tricked into installing their wares. The Flashback Trojan horse, that we reported on here, then discussed a new variant, then another new variant, has bred several new variants. Intego has spotted several new versions of this malware, which, while not changing the features of the malware, have changed the code, in an attempt to sneak through malware protection, such as that of VirusBarrier X6.
The bogus alerts you see on sites serving this malware haven’t changed:
But the effect is the same. When you end up on a site like this, an installation package is automatically downloaded, and, if your browser settings allow it, launched so you’ll see an Installer window.
As we said in a previous article, if you see a web page similar to that shown above, do not run any installer, and if the Installer window does not open, check your Downloads folder for any package file that contains the name Flash, then delete it. Only download Flash Player installers from the Adobe web site.
Intego is holding a special Black Friday blowout sale on all of its X6 security software. Keep your Macs safe from the dangers of the Internet, and save 40%, valid one day only, Friday, November 25, 2011.
As the holiday season rolls around, it’s a good time to make sure your Macs are protected from the dangers of the Internet. Get protection from viruses, malware and network attacks, tools to back up your essential files and filter out spam, or to keep your children sheltered from inappropriate web content. Intego has the programs you need to protect you and your Macs.
Intego is offering a 40% discount on any Intego X6 or Dual Protection product, purchased exclusively from the Intego online store. This includes standard packs and family packs, but not upgrades, renewals or accessories. To benefit from this discount, use the following code in the Intego online store (https://secure.intego.com/buynow/), on November 25, 2011: BLACKFRIDAY2011.
This promotion applies to the following Intego programs:
- VirusBarrier X6 – Protects your Mac from malware and network threat
- Internet Security Barrier X6 – The most comprehensive Mac security suite available
- VirusBarrier X6 Dual Protection – Protects your Mac from malware and network threats (Mac OS X and Windows)
- Internet Security Barrier X6 Dual Protection – The most comprehensive Mac security suite available (Mac OS X and Windows)
- Washing Machine 2 – Cleans up files that can slow down your Mac
This promotion is valid worldwide, only in Intego’s on-line store, and does not apply to software sold in Apple’s Mac App Store or iTunes App Store. This offer cannot be combined with any other offers or promotions.
For the second year in a row, Intego VirusBarrier X6 wins hands down in TopTenReviews’ list of Mac anti-malware software. Comparing VirusBarrier X6 against all the competition, they picked VirusBarrier X6 once again.
We’re humbled by such ratings, especially when many programs are compared. It shows that VirusBarrier X6 really is the best way to keep your Mac safe from the dangers of the Internet.
Google has updated its Chrome web browser to version 15.0.874.121, to fix a high-risk vulnerability which could lead to an out-of-bounds memory write in the browser’s JavaScript engine. The update also contains a number of bug fixes.
Users can update their version of the browser by launching the program, or restarting it, and using the transparent auto-updater it contains.
Apple has released iTunes 10.5.1, the latest version of the company’s media management software, which notably includes the company’s new iTunes Match cloud music service. This update contains one minor security fix, described as follows:
Impact: A man-in-the-middle attacker may offer software that appears to originate from Apple
Description: iTunes periodically checks for software updates using an HTTP request to Apple. This request may cause iTunes to indicate that an update is available. If Apple Software Update for Windows is not installed, clicking the Download iTunes button may open the URL from the HTTP response in the user’s default browser. This issue has been mitigated by using a secured connection when checking for available updates. For OS X systems, the user’s default browser is not used because Apple Software Update is included with OS X, however this change adds additional defense-in-depth.
As the description points out, this isn’t a serious issue for Mac users, but Apple is fixing it for them anyway, as there’s always the possibility that someone could create a fake program that looks like Apple’s Software Update.
You can download this new version of iTunes from, of course, Software Update, or from Apple’s iTunes download page.
Apple has released an update to Time Capsule and AirPort Base Station (802.11n) Firmware, fixing one security issue:
Impact: An attacker in a privileged network position may be able to cause arbitrary command execution via malicious DHCP responses
Description: dhclient allowed remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. This issue is addressed by stripping shell meta-characters in dhclient-script.
This is an obscure issue, but you should update the firmware anyway, as it probably also contains other bug fixes. Apple recommends that you download AirPort Utility 5.5.3 before applying the firmware update. If you don’t already have that program, you can download it here.
To apply the Time Capsule and AirPort Base Station Firmware update, launch AirPort Utility, and select your AirPort device. You’ll see something like this telling you that a new version of the firmware is available:
Click on Update Firmware to download and apply the update. You’ll have to restart your AirPort Base Station or Time Capsule, losing network access for a couple of minutes.