Apple’s Gatekeeper is a background technology in OS X that helps thwart malware. It does so by assessing three levels of identification for an app (unsigned, signed, and signed with App Store distribution), and then offering options to block execution of apps that are either unsigned or not distributed through the App Store. However, a simple workaround exists that can allow malware to overcome Gatekeeper’s blocks and run.
Category Archives: Security
Apple outlines 25 top apps affected by XcodeGhost
In order to distribute apps in Apple’s App Store, developers need to keep up to date with the latest versions of Xcode; however, Apple has historically released new versions of Xcode to US customers before those in other countries. This has spurred developers in China, including reputable ones, to obtain the latest versions of Xcode from secondary sources. Unfortunately, these developers were recently duped into using malware-laden versions of Xcode that injected malware into their apps upon submission to the App Store.
New Zero-Day memory injection vulnerability discovered in OS X
PCWorld is reporting that a new zero-day vulnerability has been found in OS X, affecting versions from 10.9.5 through the recently released 10.10.5. The problem stems from how NULL pointers in programs are handled: a malicious program can use a special condition to bypass the default location that NULL references are directed to, and thereby bypass OS X’s security.
Malware developers targeting MacKeeper settlement Web page
Following the recent announcement of the MacKeeper legal settlement, malware developers are creating routines that redirect people from the settlement site to nefarious Web pages that use JavaScript hacks to “lock” a browser. When this happens, you will see an alert window that has an OK button, but clicking the button just pops open another alert.
DYLD_PRINT_TO_FILE exploit found in the wild for OS X
A vulnerability exists in OS X where an attacker can take advantage of a routine that is generally intended for logging, and use it to overwrite system files. In doing so, the attacker can modify the system to bypass OS X’s security measures and give full “root” access to malware installers. The result is that further modification of an affected Mac can be performed without any indication or authentication requirement.
Apple Keychain ‘completely cracked’ by security researchers, but are you vulnerable?
Researchers at the Georgia Institute of Technology have revealed findings that show Apple’s Keychain password service is vulnerable to malware that can steal passwords from other apps on the system and gain access to services and devices that you use with your Mac.
The Keychain stores passwords in an encrypted format, so while direct access to them is exceptionally difficult, OS X supports services that allow apps to authenticate and then have access to the passwords.
How to remove the FlashMall adware from OS X
Any time you are using your Mac and are suddenly inundated with popups, unwanted Web pages opening, and other ads, you are likely either using or getting too close to illegitimate resources. Generally this happens when you stumble across a nefarious Web site, but at other times it can be from adware and other malware you have installed on your system. One such instance is finding persistent popups on your Mac that reference “FlashMall,” which occurs from having installed the CrossRider trojan.
How to protect your Mac from the ‘Dark Jedi’ firmware hack
A new exploit dubbed ‘Dark Jedi’ exists for MacBook systems created before mid-2014, where a hacker can use a malicious program to take over the system’s firmware simply by having the system put into sleep mode. Upon waking from sleep, the firmware on these older Macs is unlocked, which leaves it open to access and modification from applications running in OS X. This contrasts with the recent Thunderstrike firmware vulnerability, which also allowed hackers to take over firmware but required physical access to the system. Since this current vulnerability is triggered by malicious software, systems can be attacked remotely through trojan horses and other social engineering approaches, but this also provides an avenue for protection.
Browser address bar exploit persists in Safari; other Mac browsers unaffected
A bug that existed in both Chrome and Safari continues to persist in Safari, and allows a malicious Web site to spoof the browser’s address bar to make it appear that you are at one URL when in fact you are at another.
When data phishing sites attempt to steal your information, they will commonly create page layouts that mimic popular and trustworthy pages like those from Facebook, PayPal, Apple, and others. While some of these are impressively similar to the official pages, one easy way to detect them is to look at your address bar and see that the page’s URL is not an official one.
‘Jellyfish’ proof-of-concept malware may inject keylogger on Macs
A proof-of-concept keylogging hack called Jellyfish has been in the news for exposing security vulnerabilities in Windows and Linux systems, but according to ITWorld, a Mac version called MAC_JELLY is being worked on. This malware takes advantage of the graphics processing environments on modern PC systems, allowing a hacker to inject code that monitors the system by way of a unique remote access trojan (RAT). While demonstrated on Windows and Linux systems, Apple’s OpenCL environment leaves Macs vulnerable as well.