If you think your computer is secure because it is a Mac, you are dead wrong. The latest patch for OS X – 10.6.8 – contains 29 patches for security holes that allow arbitrary code execution. Any of those holes could be used to totally own your computer, circumventing any antivirus or encryption software you may be running. These 29 have been patched, but you can be sure there are others in the OS and in popular software like Flash and Adobe’s PDF reader.
If you want to keep a system safe, keep it physically disconnected from the internet.
Author: Milan
In the spring of 2005, I graduated from the University of British Columbia with a degree in International Relations and a general focus in the area of environmental politics. In the fall of 2005, I began reading for an M.Phil in IR at Wadham College, Oxford.
Outside school, I am very interested in photography, writing, and the outdoors. I am writing this blog to keep in touch with friends and family around the world, provide a more personal view of graduate student life in Oxford, and pass on some lessons I've learned here.
View all posts by Milan
Do you have any recommendations for good security software for Mac?
trust nobody
The most important thing is probably to keep Mac OS X itself fully updated, and avoid sketchy websites, Facebook applications, file-sharing services, etc.
It never hurts to have a good backup in case of data loss, not to mention to keep any sensitive information in a FileVault protected partition.
You can use more robust encryption if you want more security, but it is probably less convenient.
Growing List of Security Threats to Mac OS X Lion
By Damon Poeter
Long gone are the days when Apple lovers could take pride in their virus-free Macs while snickering at PC owners’ constant worries about security. Apple’s brand new Mac OS X Lion operating system is already acquiring an unhealthy list of reported vulnerabilities less than a week after its official release.
Some Lion vulnerabilities are carry-overs from Snow Leopard, like the “Mac Defender” class of scareware that first surfaced in May . Apple’s recent software update to prep Macs running Snow Leopard for Lion installation includes identification and removal of known variants of the malware.
Like Mac Defender, another newly identified OS X threat called the Olyx backdoor appears to be a variant of Microsoft Windows-targeting malware that’s simply been tweaked to go after Macs.
A newly identified Mac OS X Trojan bundles a component that leverages the processing power of video cards to generate Bitcoins, a popular type of virtual currency. The new Trojan was dubbed DevilRobber by antivirus vendors and is being distributed together with several software applications via BitTorrent sites.
Mac OS X Sandbox Security Hole Uncovered
by samzenpus
Gunkerty Jeb writes “Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple’s announcement earlier this month that all applications submitted to the Mac App store must implement sandboxing as of March 1, 2012. Sandboxing, Apple has argued, limits the resources applications can access and makes it more difficult for malware to compromise systems. Researchers at Core however revealed Nov. 10 that they had warned Apple in September about a vulnerability in their sandboxing approach. According to Core’s advisory, several of the default predefined sandbox profiles fail to ‘properly limit all the available mechanisms.’ As a result, the sandboxing restrictions can be circumvented through the use of Apple events.”
Biggest Apple botnet discovered: 600K+ Macs infected
Russian researchers have discovered a botnet of more than 600,000 Macs. Yes, Macs — you know, those things that don’t get malware. Apple (NASDAQ:AAPL) is coming under heavy criticism for its slow response to known vulnerabilities and for perpetuating the myth that OS X is malware-free. In IT Blogwatch, bloggers count the cost.
Apple computers hit by global Mac malware outbreak
http://business.financialpost.com/2012/04/05/apple-computers-hit-by-global-mac-malware-outbreak/
Malicious software designed to steal personal information has infected more than 600,000 Mac computers worldwide, warns a Russian cyber security firm, with the vast majority of victims in the United States and Canada.
Moscow-based anti-virus vendor Dr. Web said Wednesday malware known as the Flashback Trojan had managed to install itself on about 550,000 Apple Inc. computers around the world, with 57% of infected PCs in the U.S. and another 20% in Canada. Sorokin Ivan, an analyst with the company, said on Twitter later in the day the number of compromised machines had risen past 600,000, with 274 of them based in Cupertino, the southern California city where Apple is headquartered.
“This once again refutes claims by some experts that there are no cyber-threats to Mac OS X,” Dr. Web said.
CNET first reported on the existence of Flashback last September when the trojan was pretending to be a plug-in installer for Adobe’s Flash Player, though a new version began proliferating in February engineered to exploit a vulnerability in the Mac operating system related to how it reads the Java programming language. Users can become infected simply by navigating to a compromised web site which Dr. Web said could number more than four million.
Another Mac OS X Trojan has been spotted in the wild; this one exploits Java vulnerabilities just like the Flashback Trojan. Also just like Flashback, this new Trojan requires no user interaction to infect your Apple Mac. Kaspersky refers to it as ‘Backdoor.OSX.SabPub.a’ while Sophos calls it at ‘SX/Sabpab-A.
http://apple.slashdot.org/story/12/05/06/1621216/apple-security-blunder-exposes-lion-login-passwords-in-clear-text
Ad-injecting trojan targets Mac users on Safari, Firefox, and Chrome
Users are socially engineered into installing the trojan and seeing rogue ads.
Hardening Tips For Default Installation of Mac OS X 10.5 “Leopard”
“According to security company Sophos, around 55% of home users and 18% of enterprise users have updated to Mavericks, the latest version of Mac OS (10.9). Unfortunately Apple appears to have stopped providing security updates for older versions. Indeed, they list Mavericks itself as a security update. This means that the majority of users are no longer getting critical security patches. Sophos recommends taking similar precautions to those recommended for people who cannot upgrade from Windows XP.”
82% of enterprise Mac users not getting security updates
Apple Inc. has pushed an update for iOS mobile devices to close a gaping hole in its security software, which gave spies and hackers the ability to grab e-mail, financial information and other sensitive data. An update for its Mac computers is reportedly coming “very soon.”
Confirming researchers’ findings late Friday that a major security flaw in iPhones and iPads also appears in notebook and desktop machines running Mac OS X, Apple spokeswoman Trudy Muller told Reuters: “We are aware of this issue and already have a software fix that will be released very soon.”
http://www.theglobeandmail.com/technology/tech-news/apple-rushes-to-fix-glaring-security-flaw-as-bad-as-you-could-imagine/article17062369/
The problem lies in the way the software recognizes the digital certificates used by banking sites, Google’s Gmail service, Facebook and others to establish encrypted connections. A single line in the program and an omitted bracket meant that those certificates were not authenticated at all, so that hackers can impersonate the website being sought and capture all the electronic traffic before passing it along to the real site.
In addition to intercepting data, hackers could insert malicious web links in real e-mails, winning full control of the target computer.
The intruders do need to have access to the victim’s network, either through a relationship with the telecom carrier or through a WiFi wireless setup common in public places. Industry veterans warned users to avoid unsecured WiFi until the software patch is available and installed.
The programming error allows a malicious party to corrupt the integrity of a secure internet connection without those either side knowing. This allows snooping on e-mails, passwords, financial transactions, web sessions, instant messaging and much more. The flaw is present in iOS software, used for iPhones and iPads since September 2012, as well as in Mac OS X 10.9, released in June 2013 for Macintosh computers. The scale of the problem is astonishing: a man-in-the-middle (MitM in cryptographic jargon) could commandeer any secure connection from a Wi-Fi network in a coffeeshop up to the infiltration of an entire country, as exploited by certain governments and their agents in the past.
http://www.economist.com/blogs/babbage/2014/02/internet-security
—
Apple’s SSL/TLS bug (22 Feb 2014)
https://www.imperialviolet.org/2014/02/22/applebug.html
Thunderbolt Rootkit Vector
Attackers can infect MacBook computers with highly persistent boot rootkits by connecting malicious devices to them over the Thunderbolt interface. The attack, dubbed Thunderstrike, installs malicious code in a MacBook’s boot ROM (read-only memory), which is stored in a chip on the motherboard. It was devised by a security researcher named Trammell Hudson based on a two-year old vulnerability and will be demonstrated next week at the 31st Chaos Communication Congress in Hamburg.
A vulnerability at the heart of Apple’s Mac OS X systems—one thus far only partially addressed by Apple—opens the door to the installation of malicious firmware bootkits that resist cleanup and give hackers persistent, stealthy control over a compromised Mac. The research is the work of a reverse engineering hobbyist and security researcher named Trammel Hudson, who gave a talk at the recent 31C3 event in Hamburg, Germany, during which he described an attack he called Thunderstrike. Thunderstrike is a Mac OS X bootkit delivered either through direct access to the Apple hardware (at the manufacturer or in transport), or via a Thunderbolt-connected peripheral device; the latter attack vector exposes vulnerable systems to Evil Maid attacks, or state-sponsored attacks where laptops are confiscated and examined in airports or border crossings, for example.
Hudson’s bootkit takes advantage of a vulnerability in how Apple computers deal with peripheral devices connected over Thunderbolt ports during a firmware update. In these cases, the flash is left unlocked, allowing an Option ROM, or peripheral firmware, to run during recovery mode boots. It then has to slip past Apple’s RSA signature check. Apple stores its public key in the boot ROM and signs firmware updates with its private key. The Option ROM over Thunderbolt circumvents this process and writes its own RSA key so that future updates can only be signed by the attacker’s key. The attack also disables the loading of further Option ROMs, closing that window of opportunity.
http://apple.slashdot.org/story/15/01/08/214238/first-osx-bootkit-revealed
Two Mac viruses strike at the heart of the platform’s secure image
Apple’s iOS App Store suffers first major cyber attack
Apple Inc said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet.
The company disclosed the effort after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds of legitimate apps.
It is the first reported case of large numbers of malicious software programs making their way past Apple’s stringent app review process. Prior to this attack, a total of just five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc.
The hackers embedded the malicious code in these apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple’s software for creating iOS and Mac apps, which is known as Xcode, Apple said.
New ransomware targets Apple Mac computers for 1st time
KeRanger malware infected popular Transmission software during a cyberattack on software’s developer
New Mac Ransomware Is Even More Sinister Than It Appears
The threat of ransomware may seem ubiquitous, but there haven’t been too many strains tailored specifically to infect Apple’s Mac computers since the first full-fledged Mac ransomware surfaced only four years ago. So when Dinesh Devadoss, a malware researcher at the firm K7 Lab, published findings on Tuesday about a new example of Mac ransomware, that fact alone was significant. It turns out, though, that the malware, which researchers are now calling ThiefQuest, gets more interesting from there. In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or “second stage,” attacks. Given that ransomware is so rare on Macs to begin with, this one-two punch is especially noteworthy.