Trend Micro, the antivirus company, has a Malware Blog where they track all the bad stuff that can happen to your computer. Although the screenshots come from Windows machines, they did have one up this week that showed the Apple Store. Sneaky (and smart) phishers are sending emails that say there is a problem with [...]
Apple has released OS X 10.5.4 (59 MB via Software Update) to the masses, which includes the content of Security Update 2008-04. The update also includes improvements to AirPort reliability and speed, many iCal improvements, two secure surfing improvements to Safari and fixes for three Spaces & Exposé bugs.
The Security Update fixes 21 security issues in [...]
Much ado has been made this week regarding the recent Apple Remote Desktop Root Privilege Escalation Vulnerability. The short story is that there is a flaw in a piece of software that Apple ships & installs with every Leopard instance which enables a local user to run scripts with root privileges (meaning they can do [...]
Apple releases a security guide for Mac OS X 10.5
In the last week, two major flaws have been reported, one in downloading .ICS (iCal) files, and one in Safari’s carpet-bombing problems. Now, Microsoft is reportedly getting in on the warnings to Apple.
Basically, Tim Rains, Microsoft’s security guy, says that “Safari…cannot be configured to obtain the user’s permission before it downloads a resource.” That [...]
I was a bit worried when I found out about this story, but I should have seen it coming. Engadget reports that people who are purchasing refurbished iPhones (from Apple, no less) are able to recover old data off of the devices using some freely available tools.
I’ve had to take my iPhone in to the [...]
Apple updated their PGP product security key as part of their two-year cycle. The new key is valid up through May 15, 2010 and will eventually be posted to their Protecting Security Information page. The announcement was made on their mailing list which you can subscribe to via mail or RSS.
How To Use The Key
Unlike the [...]
Microsoft has been busy today, releasing security updates, announcing a new service pack and committing to restoring functionality to their Mac office suite.
Yep, It’s Patch Tuesday Again
Microsoft released security bulletin MS08-014 today that contains a patch to a remote code execution vulnerability affecting Microsoft Office 2004 & 2008 for Macintosh. Office 2004 is bumped up to [...]
As someone who both works in a high-theft environment (university campus, anyone?) and who owns a piece of portable Apple goodness that contains my entire life, I’m rather concerned about security and theft prevention. I had considered a laptop lock, but considerations of how much I really do move my laptop about and [...]
Apple posted an update to Safari that – amongst other fixes – patches 4 vulnerabilities in the Windows version and 2 in the OS X version of their flagship browser. One of the Windows issues – CVE-2007-2398 – is especially tricksy: “[the vulnerability allows] a web page to change the contents of the address bar [...]
Apple has posted QuickTime 7.4.5 to Software Update that includes 11 security fixes, three of which only impact Windows systems. Some of the vulnerabilities can lead to arbitrary code execution (i.e. bad people can run programs on your system) by just tricking you into viewing specially crafted content. While that may seem unlikely to you [...]
With less than six months under its belt, Leopard is preparing to receive its third update to 10.5.3. This update includes 75 fixes from Address Book to VoiceOver. The list includes changes to: AddressBook, AppleScript, Audio, Back To My Mac, Dashboard, Dock, DVD Player, Finder, Graphics, iCal, Mail, Portable Home Directories, Printing, Rosetta, Spaces, Spotlight, [...]
Dan Benjamin of The Talk Show fame posted a general inquiry to the Twitterverse on how to disable the Leopard open confirmation dialog that comes up when you attempt to access a recently downloaded file.
This dialog is one of Leopard’s new security features called “File Quarantine” and is primarily designed to protect users from [...]
By now, you’ve seen the announcement of the March 6th iPhone announcement (which better be more than discussing a future announcement since that’s already two pointer de-references we have to manage). While I am – and many other and far more capable developers are also – eagerly awaiting the SDK release, the promise of “exciting [...]
Given the large amount of “feedback” I receive from many venues on why I’m crazy for suggesting that OS X users employ some type of client-side security software, I wanted to point out a very recent exploit that I saw over at Joel Esler’s blog. The vulnerability is around the IPv6 networking layer of the [...]
While I’m not trying to only focus on security topics, they just seem to pop up more often than not, including today’s serendipitous discovery that TrueCrypt is available for OS X. Security isn’t just about maintaining system integrity (loosely defined as keeping malicious code from getting onto/running on your system). A critical component is ensuring [...]
For those that have installed Office 2008, you may have seen some news floating on the internets about improper permissions — that were created by the installer — potentially allowing another local user to access your documents. It’s not a remote exploit issue and most folks are probably not vulnerable (you only need to [...]
After blogging about the need to use and maintain an anti-virus solution for your OS X systems, an anonymous reply questioning the need to use security tools at all on OS X systems gave me pause. You do not need me to link to the numerous articles flying around the internets that report on how [...]
F-Secure is reporting on the first, widespread rogue Mac application that comes in the guise of security software: MacSweeper. It is hosted at www.macsweeper.com, but I do not recommend visiting that site. I’m not convinced this is the first rogue Mac application ever to hit the internets, but the F-Secure folks are top-notch researchers who [...]
ArpSpyX has just been updated to version 1.2 which adds full support for Intel Macs. If you’re not familiar with ArpSpyX you should give this utility at least a quick look if you care at all about the security or contents of your local network.
The program works by either monitoring ARP (Address Resolution Protocol) traffic [...]