The Mac Security Blog

Mac OS X 10.7.3 Released with Security Fixes; Security Update for Snow Leopard Released

Apple has released Mac OS X 10.7.3, the latest update to Mac OS X 10.7 Lion. This update patches more than 50 vulnerabilities, from Apache to X11, and includes a number of updates to PHP, QuickTime and more. It also protects against some bogus certificates, issued to DigiCert Malaysia:

Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia’s certificates are not trusted.

These fixes are included in the overall 10.7.3 update, and a separate security update, Security Update 2012-001, is available for Mac OS X 10.6.8. Users can download the updates via Software Update, or from Apple’s Downloads page.

For more information about these updates, see this document.

Apple Issues Security Updates for Almost Everything

Apple today released updates for Mac OS X Lion, iOS, the Apple TV, as well as iWork applications, iPhoto and more. Many of these updates include security fixes, and the total number of bugs patched is certainly a record for Apple.

Security Update 2011-006 includes fixes for both Mac OS X 10.6.8 and Lion (as part of the Mac OS X 10.7.2 update), patching more than 60 bugs.

The iOS 5 Software Update fixes dozens of security issues.

The Safari 5.1.1 update, included with the Mac OS X Lion 10.7.2 update, and available separately for Snow Leopard, patches dozens of bugs.

The Apple TV Software Update 4.4 patches a half-dozen bugs, and updates to Pages and Numbers for iOS patch even more bugs.

This is a bumper crop for Apple, requiring users to download a number of very large updates. But with all these security fixes, Mac and iOS users can certainly sleep better tonight.

More information about these updates will be posted to Apple’s security updates page.

Mac PDF Trojan Horse Surfaces; Threat is Low

A new malware sample affecting Mac OS X has been discovered. It is an application masquerading as a PDF file, which connects to a remote server to download a backdoor. This application displays text, like a PDF, to fool users who open it so that they don’t notice what is really happening. (The current sample contains Chinese text, but any type of text could be used with this Trojan horse.)



When a user opens the file, the executable goes into action, extracting a different executable, which then downloads a backdoor from a remote server. This first executable only works on Intel-based Macs, and the backdoor does not work on Macs using a case-sensitive file system (which is not the default). The backdoor takes screenshots and sends them to a command and control server, and can perform other actions.

This PDF Trojan horse was not found in the wild, and is most likely simply a proof of concept. Its design is clunky, yet it can work, and does connect to an active server. VirusBarrier X6 users will find that the program’s Anti-Spyware feature would alert them when the first executable attempts to download the backdoor, preventing its installation. Intego VirusBarrier X6 protects against this malware, detecting it as OSX/Revir.A for the Trojan horse part and OSX/Imuler.A for the backdoor. We consider the threat to be very low, as this is not found in the wild.

Password Change Issue Affects Mac OS X

A Mac OS X bug has surfaced whereby any local user can change that user’s password using a simple Terminal command. This means that anyone who obtains physical or remote (such as via ssh) access to a Mac, and who knows this command – not something that your average user will know – can change the password for the current account, then log into it later and access their files, or, if it is an administrator’s account, make changes to the system and access other files.

Until this is fixed, it’s a good idea to take a number of precautions, especially if you leave your Mac accessible to others. First, disable automatic login. As we wrote in a recent Mac security tip, this means that you need to enter a password to access your Mac when you start it up. Next, make sure you use a different password for your keychain, so if someone does access your account, they still can’t get at your passwords. Finally, in the General tab of the Security & Privacy preferences, check Require password immediately after sleep or screen saver begins. This means that you’ll need to enter your password more often, but it’s a lot safer. If you put your Mac to sleep when you leave it, then no one will be able to access it without your password.



Full protection can be obtained by running the following command in Terminal:

sudo chmod 100 /usr/bin/dscl

This restricts the dscl command so that only root can run it.
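To confirm that the restriction above is in place, the following check reads the file's mode and owner. It is an added example, not part of the original post; the function name only_owner_can_exec is hypothetical, and the default owner of root is an assumption about how the file is installed.

```shell
#!/bin/sh
# Added example: verify that a binary can be run by its owner only, which is
# the state `chmod 100` leaves /usr/bin/dscl in when root owns the file.

# only_owner_can_exec PATH [EXPECTED_OWNER]   (hypothetical helper name)
# Returns 0 if the owner may execute PATH, group and other have no permissions
# at all, and the owner is EXPECTED_OWNER (default: root).
# Returns 1 if any of that is not true, 2 if PATH does not exist.
only_owner_can_exec() {
    path=$1
    want_owner=${2:-root}
    [ -e "$path" ] || return 2

    # In `ls -ld` output, field 1 is the mode string and field 3 the owner.
    info=$(ls -ld "$path" | awk '{print $1 " " $3}')
    mode=${info%% *}
    owner=${info#* }

    # An 11th character of "+" marks an ACL, which can grant access that the
    # mode bits do not show, so treat that case as unverified.
    case $mode in
        ??????????+*) return 1 ;;
    esac

    # Characters 2-10 are the rwx triplets for owner, group and other.
    perms=$(printf '%s' "$mode" | cut -c2-10)
    case $perms in
        ??x------) ;;        # owner can execute; group/other have nothing
        *) return 1 ;;       # e.g. rwxr-xr-x, where every user can run it
    esac

    [ "$owner" = "$want_owner" ]
}

# Report on the binary named in the post; pass another path to override.
target=${1:-/usr/bin/dscl}
if only_owner_can_exec "$target"; then
    echo "restricted to owner: $target"
else
    echo "NOT restricted (or not found): $target"
fi
```

Reading the mode does not require root, so the check can be run from any account.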

Apple will undoubtedly issue a security update to fix the bug quickly. In the meantime, the above tips should help you protect your Mac and your files.

Before You Upgrade to Lion, Make Sure to Back Up

With OS X Lion out, a lot of people will take advantage of the weekend to upgrade their Macs to the new operating system. But before running the upgrade, you should do the single most important thing to protect your files: back them up. Ideally, you should back up your entire startup disk, “cloning” it, making a full copy that you can boot from if you have any problems. To do this, you need an external hard disk, but you can get a good-sized one for around $100. And this is a device you should own, to back up your files regularly.

If you don’t have an external hard disk, you can back up your important files – those in your home folder – to DVDs, but it takes a bit longer. You can also back up to a network volume, if you have other computers on a network, or to an online server.

You can perform all of these tasks with Intego Personal Backup, which is part of the Internet Security suite. With Personal Backup, you can make bootable backups (clones), regular backups, and even synchronize folders across two Macs. You can back up to any kind of device that your Mac can read and write data to: hard disks, network volumes, DVDs and more.

So back up your files now, then install Lion and discover Apple’s great new operating system.

Intego is Ready for Lion – Save 10% on Intego Software

Your security is important to us. With Mac OS X Lion due for release very soon – Apple said sometime in July – Intego’s developers have worked hard in recent months to ensure that all of the company’s applications will work with Lion. All of Intego’s software is ready for Lion, and some programs have been fully Lion-compatible now for several weeks.

We strongly recommend that you update your Intego software before updating to Lion, whenever Mac OS X 10.7 is released. To do this, use NetUpdate, which you can launch either from the Intego menu in your menubar, or from the System Preferences application. You’ll find the necessary updates for all of your Intego software.

The following are the version numbers of Lion-compatible Intego programs:

ContentBarrier X5: 10.5.7
ContentBarrier 10.6: 10.6.4
FileGuard 10.6: 10.6.2
NetBarrier X5: 10.5.7
NetUpdate: 10.5.7
Personal Antispam X5: 10.5.11
Personal Antispam 10.6: 10.6.7
Personal Backup X5: 10.5.9
Personal Backup X6: 10.6.2
Remote Management Console 2: 2.0.3
VirusBarrier X5: 10.5.13
VirusBarrier X6: 10.6.13
VirusBarrier Server 3: 3.2
Washing Machine: 2.4

Intego is offering all existing and new customers a 10% discount on any Intego product, purchased exclusively from the Intego online store. This includes standard packs, family packs, Dual Protection software, and full upgrades. To benefit from this discount, use the following code in the Intego online store, before August 20, 2011: X6LION-107