Posts Tagged ‘Mac’
Wednesday, February 20, 2013 @ 03:02 PM gHale
Adobe released a security bulletin today that fixes a vulnerability in its Reader and Acrobat products found just one week ago.
The vulnerability, which attackers are jumping on and taking advantage of, could cause a crash of either product and potentially allow a bad guy to take control of the affected system.
For PC users, there is a sense of urgency to update as Adobe confirmed attackers are leveraging two of the vulnerabilities (CVE-2013-0640 and CVE-2013-0641) in targeted attacks designed to trick Windows users into opening a malicious PDF file attached to an email.
Mac and Linux users are not immune to this flaw; they simply are not under attackers’ microscope at this juncture.
The security patches are available for software on Windows, Mac, and Linux. The following is a list of upgrades:
• Users of Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Reader XI (11.0.02).
• For users of Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader X (10.1.6).
• For users of Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader 9.5.4.
• Users of Adobe Reader 9.5.3 and earlier 9.x versions for Linux should update to Adobe Reader 9.5.4.
• Users of Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.02).
• Users of Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh should update to Adobe Acrobat X (10.1.6).
• Users of Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh should update to Adobe Acrobat 9.5.4.
Windows and OS X users can use the product’s update feature (Help => Check for Updates).
Friday, November 2, 2012 @ 09:11 AM gHale
There is a new Java backdoor Trojan called Jacksbot that is starting to make some inroads.
When it first came out, security researchers thought it was low risk because no computers suffered any infections, but that has changed, said officials at Trend Micro.
In addition, since it is a Java application, Jacksbot can target multiple systems along with Windows, like Mac, Linux and any other OS that supports the Java Runtime Environment.
So far, experts found it on two computers – one in Malaysia and one in Australia – but this is just the beginning.
One of Jacksbot’s capabilities is to steal Minecraft passwords, which might also have something to do with the way it’s spread.
“There is a possibility that this malware presents itself as a Minecraft modification to unsuspecting users as it contains the special command ‘MC’ for stealing Minecraft passwords from the compromised system,” said Johanne Demetria, a threat response engineer at Trend Micro.
Demetria said Jacksbot is a remote access Trojan (RAT) because it’s capable of taking control of computers, and allows its master to execute various “backdoor commands.”
Although it can run on any platform that supports JRE, it appears the backdoor mainly focuses on Windows. Experts said the developers might be “testing the waters” for a multiplatform malware, but for the time being, judging by its code, it only works properly on Windows.
“Although there are only 2 infections right now, JACKSBOT and its kin may in fact be the next trend in the threat landscape considering the rapidly changing market. Additionally, it is likely that the authors will continue to improve the code to fully support infection for OS X and Linux,” Demetria said.
Monday, October 29, 2012 @ 12:10 PM gHale
A new generation of advanced persistent threats (APTs) forced McAfee to update its Endpoint Security platform.
In the ever changing and dynamic environment of cyber security, the company said the update would better equip systems to block highly sophisticated attack techniques, such as the use of master boot record (MBR) sabotage techniques and the use of Zero Day flaws for intrusion attempts.
The update would look to not only expand the scope of protections for Endpoint Security, but also cover new form factors, said Candace Worley, senior vice president and general manager of Endpoint Security for McAfee.
“We believe that the endpoint has to become more dynamic and context-aware,” Worley said.
“Devices are becoming more diverse, you have everything from a laptop and desktop to a tablet form factor.”
In addition to the MBR protections introduced, McAfee is updating the Enterprise Mobility manager to add support for iOS 6 devices and adding to the whitelisting protections on the McAfee Application Control administrator tool.
Encryption is also a priority in the update. The company said it would be updating the Endpoint Encryption platform to support PC and MacOS X systems. The update will include the use of new encryption algorithms from Intel which allow for faster encryption and decryption of data.
In addition to security enhancements, the company said the new Endpoint Encryption would simplify the process of managing and updating systems required to have encryption. By integrating the tool with the company’s ePolicy Orchestrator Deep Command console, administrators will be able to remotely access and patch end user systems without the need to enter credentials.
“If you have a full-disk encryption product and you power those systems off at night you need a body to type in that password to decrypt it and that is problematic,” Worley said. “This really addresses that case.”
Tuesday, October 9, 2012 @ 12:10 PM gHale
Adobe revoked the compromised code signing certificate it found had been used to sign malicious applications. Updates signed with a new certificate are now up and ready to go.
The revoked certificate had been used to sign software code after July 10.
While most organizations will not suffer from the revocation process, some customers might need to take certain actions.
Adobe said the Windows platform and three Adobe AIR applications – Acrobat.com desktop services, Adobe Story AIR applications, and Adobe Muse – for Windows and Mac are affected.
Customers who think they are suffering from the issue should check out the security certificate update page created by Adobe after they found out about the two malicious utility apps.
Thursday, August 2, 2012 @ 05:08 PM gHale
Even though Windows and Mac remain well separated as platforms, there are a number of applications that run on both operating systems, including things such as Adobe Flash, Reader and Java.
Attackers and malware writers, like any other specialists, are focusing their skills in one discipline in order to maximize their chances for success.
Attackers, not wanting to waste any time on small target bases and looking to maximize their profits, are focusing their efforts on vulnerabilities in these applications.
Knowing that, Microsoft researchers analyzed a series of malware samples and exploits and found some attackers are beginning to target the same vulnerability across multiple platforms as a way to make the most out of their efforts.
Microsoft researchers looked at a specific set of vulnerabilities found in applications on Windows and Mac OS X and found some attackers are going after flaws from as far back as 2009 in Office documents, and 2010 in Flash, Java and Reader.
“This observation is limited and based on the samples we identified, acquired and processed, however, this understanding provides us with an opportunity to recognize a trend we can describe as economies of scale in cross-platform vulnerabilities. This method of distribution allows the attacker to maximize their capability on multiple platforms. Thus, regardless of a particular attacker’s motive, the value and demand for these vulnerabilities is likely to persist – we know for a fact that Java vulnerabilities CVE-2011-3544 and CVE-2012-0507 are widely used by cybercriminals in exploit kits, such as Blacole/Blackhole,” said Methusela Cebrian Ferrer of the Microsoft Malware Protection Center.
Microsoft’s investigation of the way attackers are using cross-platform vulnerabilities began about a year ago when the company’s researchers came across a backdoor aimed at Mac users. The malware disguised itself as a Google app on the infected machine and then initiated a remote connection to a command-and-control server.
“Once connected, the remote attacker may take advantage of the backdoor file management feature which allows it to upload, download and navigate through files and directory. For more detail, have a look at the Backdoor:MacOS_X/Olyx.A description in our encyclopedia,” Ferrer said.



