10.7 Lion
Mac OS X Lion (10.7) contains a security issue which can allow non-root users access to the password hashes as well as ability to change the password without authenticating the current password. Read more at “Defence in Depth” including full details, scenarios and temporary fixes.
August 19, 2011 • 1 min read
10.7 Lion
SecureMac has released MacScan 2.9 the latest in malware protection and security for Mac OS X offering full support for OS X 10.7 (Lion). MacScan 2.9 is available for purchase directly from the MacScan Site or within the application, users may evaluate MacScan for free for 30-days. Existing MacScan users can upgrade at no charge.
August 1, 2011 • 2 min read
10.6 Snow Leopard
Apple has released Mac OS X 10.6.5 in the update includes many security concerns addressed. An outline of the security update 2010-007 can be found here http://support.apple.com/kb/HT4435. Users should install this latest update, access the Software Update from within the System Preferences.
November 12, 2010 • 1 min read
10.5 Leopard
Core Security has discovered a vulnerability in Mac OS X 10.5 which could be used by a remote attacker to execute arbitrary code by getting the user to download a PDF document containing a embedded malicious CFF font. The advisory shows a communication timeline with Apple as well.
November 10, 2010 • 1 min read
10.6 Snow Leopard
Visit the Boonana advisory page for more details about the Trojan horse trojan.osx.boonana.a including initial analysis and removal instructions or download Boonana Trojan Horse Removal Tool directly.
October 28, 2010 • 3 min read
Apple
Apple has updated Java for Mac OS X 10.5 and 10.6 addressing several security issues. Users are advised to download the latest update via Software Update in System Preferences or download directly from the Apple Download page.
May 19, 2010 • 1 min read
Apple
5.12.10 News
PGP Whole Disk Encryption (WDE) ensures your entire hard disk is encrypted and only accessible by you. Read the whole review of PGP Whole Disk Encryption for Mac OS X.
Mac OS X
Trojan Horse Alert: Intego recently alerted users to the presence of a new variant of the HellRaiser Trojan Horse, which they identify as OSX/HellRTS.D. SecureMac has analyzed this new variant and it is detected in the latest MacScan spyware definitions update (Spyware Definitions Version 2010006) as HellRaiser Trojan Horse 4.2. MacScan has detected previous variants of this trojan horse since 2005.
HellRaiser is a trojan horse that allows complete control of a computer by a remote attacker, giving the attacker the ability to transfer files to and from the infected computer, pop up chat messages on the infected system, display pictures, speak messages, and even remotely restart or shut down the infected machine.
The attacker can search through the files on the infected computer, choosing exactly what they want to steal, view the contents of the clipboard, or even watch the user’s actions on the infected computer.
In order to become infected, a user must run the server component of the trojan horse, which can be disguised as an innocent file. The attacker then uses the client component of the trojan horse to take control of the infected system.
Read more about HellRaiser Trojan Horse aka OSX/HellRTS.D
April 16, 2010 • 2 min read
Apple
Mac OS X Security Update – Apple posts new security update (2010-003) for Leopard and Snow Leopard. Users may update via the Software Updates System Preferences or by accessing Apple’s download site directly.
This security update addresses ATS (Apple Type Services) handling of embedded fonts. Accessing documents containing malicicously crafted embedded fonts may lead to arbitrary code execution. Charlie Miller is credited for discovery of this threat.
April 14, 2010 • 1 min read
Apple
Apple has released Mac OS X 10.6.3, in this release it includes over a dozen security fixes. Users are advised to upgrade to the latest version of Mac OS X by accessing the Software Update in the System Preferences or by accessing Apple’s download page directly. http://support.apple.com/downloads/
March 30, 2010 • 1 min read
Apple
Mac OS X security update (2010-001) has been posted by Apple fixing several security issues including a Adobe Flash. Other security fixes include CoreAudio, cupsd printing scheduler, issues with DMGs,TIFFs, SSL and TSL. To update your system access the software update icon within the System Preferences and check for updates.
More information at Apple KB Article.
Mac OS X
SecureMac is celebrating 10 years of success. This year marks the Macintosh security company’s ten-year anniversary. Over the past decade, SecureMac has expanded its role as the premier source for Macintosh security news, released its award-winning anti-spyware and privacy program MacScan, and two free trojan removal tools for the most dangerous threats against OS X. SecureMac continues to lead the drive to educate users about the security threats for OS X, and looks forward to more years of continued success.
September 20, 2009 • 2 min read