Category Archives: Security

How to protect your Mac from the ‘Dark Jedi’ firmware hack

A new exploit dubbed ‘Dark Jedi’ exists for MacBook systems created before mid-2014, where a hacker can use a malicious program to take over the system’s firmware simply by having the system put into sleep mode. Upon waking from sleep, the firmware on these older Macs is unlocked, which leaves them open to access and modification from applications running in OS X. This contrasts with the recent Thunderstrike firmware vulnerability, which allowed hackers to take over firmware but required physical access to the system. Since this current vulnerability is exploited by way of malicious software, systems can be attacked remotely through Trojan horses and other social engineering approaches, but this also provides an avenue for protection.

Browser address bar exploit persists in Safari; other Mac browsers unaffected

A bug that existed in both Chrome and Safari persists in Safari, and allows a malicious Web site to spoof the browser’s address bar to make it appear that you are at one URL when in fact you are at another.

When data phishing sites attempt to steal your information, they will commonly create page layouts that mimic popular and trustworthy pages like those from Facebook, PayPal, Apple, and others. While some of these are impressively similar to the official pages, one easy way to detect them is to look at your address bar and see that the page’s URL is not an official one.

‘Jellyfish’ proof-of-concept malware may inject keylogger on Macs

A proof-of-concept keylogging hack called Jellyfish has been in the news about security vulnerabilities in Windows and Linux systems, but according to ITWorld, a Mac version called MAC_JELLY is being worked on. This malware takes advantage of the graphics processing environments on modern PC systems, allowing a hacker to inject code that will monitor the system by way of a unique remote access trojan (RAT). While demonstrated on Windows and Linux systems, Apple’s OpenCL environment leaves Macs vulnerable as well.

Protect your Mac from a password-revealing security flaw

A security issue exists in OS X where if you are logged into your Mac, any individual may sit down at your system and gain access to the passwords in your keychain.

When you save passwords to your keychain in OS X, your Mac will automatically allow access to them for specific services, such as Mail for logging into your e-mail accounts. However, other services that access them will be required to authenticate before they have access to the password, especially those that will reveal your password in plain text.

‘No iOS Zone’ flaw may crash unpatched iOS devices

A bug exists in iOS 8 that will allow a maliciously configured Wi-Fi hotspot to crash any iOS device that connects to it. The flaw was found by security researchers at Skycure, and operates by manipulating SSL certificates. When your iPhone or iPad connects to one of these hotspots, it may suddenly restart, and then continue doing so in a loop as long as it attempts to reconnect to the same hotspot.

Rootpipe vulnerability still affects Macs despite patch

Despite an update having been issued that patches the recent security flaw in OS X called “rootpipe,” security researchers are demonstrating that OS X is still open to this ongoing vulnerability. Rootpipe is a backdoor flaw in OS X where a hacker can break the OS X sandboxing rules that isolate running processes. In doing so, a program that does not have admin access can gain these privileges and get full root privileges to the system.

Latest OS X security updates fix ‘Rootpipe’ vulnerability

One security flaw in Apple’s Mac OS platform that gained some press recently was the Rootpipe vulnerability, where security researcher Emil Kvarnhammer found a method of hacking a Mac that could bypass OS X’s security and allow the hacker to gain full administrative control of the system. This issue, which took advantage of faulty entitlements for XPC processes (small tools launched on behalf of an application to take on workloads and reduce the risk of a crash affecting the main application), allowed a developer to break the sandboxing rules in OS X.