The Mac Security Blog
A vast phishing attack has broken out, beginning on or around Christmas day, with e-mails being sent with the subject “Apple update your Billing Information.” These well-crafted e-mails could fool many new Apple users, especially those who may have found an iPhone, iPod or iMac under their Christmas tree, and set up accounts with the iTunes Store or the Mac App Store for the first time. The messages claim to come from “appleid@id.apple.com.” Here’s what the content looks like:
If you click on the link in the message, you will be taken to a realistic looking sign-in page, then, after entering your Apple ID and password, you’ll be taken to a page asking you to update your account profile, notably entering your credit card information. Again, this page looks realistic, and many of the elements it contains are taken from Apple’s own web pages.
So how do you know that this is a phishing e-mail? The first rule of thumb is to move your cursor over the link in the message and wait for a tooltip to pop up:
As you can see above, the URL that displays is not an apple.com address, but rather a numerical address (we’ve blurred the first part of the address). At the end of the address is a page called apple.htm, which could fool people, but that’s not what’s important. Always look at the part right after the http:// in the URL: if it’s not something.apple.com (it could be www.apple.com, store.apple.com, or something else), then it’s bogus.
We hope you’ll be careful if you’re new to Macs and Apple products. We work hard to keep Mac and Apple users safe from the many dangers of the Internet.
The Mozilla Foundation has released Firefox 9 (it seems like just a few months age we were using Firefox 4…), and, with it, has fixed several memory safety bugs in the browser engine and in other programs, such as Thunderbird and SeaMonkey. These vulnerabilities were not critical, but, as the Mozilla Foundation’s security advisory says, “we presume that with enough effort at least some of these could be exploited to run arbitrary code.”
The Mozilla Foundation also released Firefox 3.6.25, with a single fix related to Java .jar files. This version of Firefox, for older versions of Mac OS X, is not seeing any more updates.
As usual, you can download a copy of Firefox, or launch your current copy and have it automatically update.
Christmas is here, and it’s time to make sure that your Macs are protected from the dangers of the Internet, especially if there’s a new Mac waiting for you under the tree. To help you keep your Macs secure, Intego is offering a special discount on its software to protect you from the dangers of the Internet.
Get protection from viruses, malware and network attacks, tools to back up your essential files and filter out spam, or to keep your children sheltered from inappropriate web content. Intego has the programs you need to protect you and your Macs.
Intego is offering a 25% discount on any Intego X6 or Dual Protection product, purchased exclusively from the Intego online store. This includes standard packs and family packs, but not upgrades, renewals or accessories. To benefit from this discount, use the following code in the Intego online store (https://secure.intego.com/buynow/), through December 26, 2011: XMAS2011.
This promotion applies to the following Intego programs:
- VirusBarrier X6 – Protects your Mac from malware and network threat
- Internet Security Barrier X6 – The most comprehensive Mac security suite available
- VirusBarrier X6 Dual Protection – Protects your Mac from malware and network threats (Mac OS X and Windows)
- Internet Security Barrier X6 Dual Protection – The most comprehensive Mac security suite available (Mac OS X and Windows)
- Washing Machine 2 – Cleans up files that can slow down your Mac
This promotion is valid worldwide, only in Intego’s on-line store, and does not apply to software sold in Apple’s Mac App Store or iTunes App Store. This offer cannot be combined with any other offers or promotions.
Microsoft has released updates to Office 2008 and 2011, which include bug fixes and patches for security issues. The Office 2008 update include a fix for two PowerPoint vulnerabilities:
The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of the vulnerabilities could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
And the Office 2011 update fixes a similar vulnerability in Word.
Office users can update their software using Microsoft’s AutoUpdate application, or can download the updaters: Office 2008 update, 285 MB or Office 2011 update, 113 MB.
Google has released an update to the company’s Chrome web browser, moving it to version 16.0.912.63, patching 15 vulnerabilities along the way. Some of these are rated “high” risk, but none are serious enough to cause users to worry. As always, the Chrome browser updates automatically, even if it’s not running. When we just checked in our Applications folder, we found that the version number of the Chrome application matched this new version.
Adobe has issued a security advisory regarding a zero-day vulnerability that is being exploited in the wild against Windows computers. This critical flaw affects Adobe Reader and Acrobat for Mac, as well as Windows and Unix, but attacks are only being seen against Windows computers for now. As Adobe says in their security advisory:
This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.
So, Mac users don’t need to worry yet. However, given that “Adobe categorizes this as a critical issue,” there will be a fix for the Mac versions of these programs “as part of the next quarterly update scheduled for January 10, 2012.”
These kinds of zero-day attacks are increasingly common against Adobe Reader and Acrobat, as PDFs are ubiquitous. As of yet, we have not seen any of these attacks target Macs, but it is certainly possible that Macs will be attacked in the future.
Remember, you can use Preview to view and annotate PDFs on Mac OS X. Unless you need special features that are present in Adobe’s software, this is the safest thing to do.