Apple’s Gatekeeper is a background technology in OS X that helps thwart malware. It does so by assessing three levels of identification for an app (unsigned, signed, and signed with App Store distribution), and then offering options to block execution of apps that are either unsigned or not distributed through the App Store. However, a simple workaround exists that can allow malware to overcome Gatekeeper’s blocks and run.
Tag Archives: malware
Apple outlines 25 top apps affected by XcodeGhost
In order to distribute apps in Apple’s App Store, developers need to keep up to date with the latest versions of Xcode; however, Apple has historically released new versions of Xcode to US customers before those in other countries. This has spurred developers in China, including reputable ones, to obtain the latest versions of Xcode from secondary sources. Unfortunately, these developers were recently duped into using malware-laden versions of Xcode that injected malware into the apps they built and submitted to the App Store.
Latest Safari versions address browser hijacking
One of the more notorious problems you might run into when using a computer is a browser hijacking attack, where stumbling upon a maliciously crafted Web site results in an alert being displayed repeatedly, regardless of how many times you try to close it. You might resort to force-quitting Safari to overcome this problem, but with Apple’s “Resume” feature in OS X, your Web pages will load again when you re-launch the browser, resulting in the same frustrating behavior.
New Zero-Day memory injection vulnerability discovered in OS X
PCWorld is reporting that a new zero-day vulnerability has been found in OS X, affecting versions from 10.9.5 through the recently released 10.10.5. The problem comes from how NULL pointers in programs are handled: malicious programs may use a special condition to bypass the default location to which NULL pointers are directed, and thereby bypass OS X’s security.
Malware developers targeting MacKeeper settlement Web page
Following the recent announcement of the MacKeeper legal settlement, malware developers are creating routines that redirect people from the settlement site to nefarious Web pages that use JavaScript hacks to “lock” a browser. When this happens, you will see an alert window with an OK button, but clicking the button just pops open another alert.
DYLD_PRINT_TO_FILE exploit found in the wild for OS X
A vulnerability exists in OS X where an attacker can take advantage of a routine that is generally intended for logging, and use it to overwrite system files. In doing so, the attacker can modify the system to bypass OS X’s security measures and give full “root” access to malware installers. As a result, further modifications to an affected Mac can be performed without any indication or authentication requirement.
How to remove the FlashMall adware from OS X
Any time you are using your Mac and are suddenly inundated with popups, unwanted Web pages opening, and other ads, you are likely either using or getting too close to illegitimate resources. Generally this happens when you stumble across a nefarious Web site, but at other times it can come from adware and other malware installed on your system. One such instance is persistent popups showing up on your Mac that reference “FlashMall,” which result from having installed the CrossRider trojan.
How to protect your Mac from the ‘Dark Jedi’ firmware hack
A new exploit dubbed ‘Dark Jedi’ exists for MacBook systems made before mid-2014, where a hacker can use a malicious program to take over the system’s firmware simply by having the system put into sleep mode. Upon waking from sleep, the firmware on these older Macs is unlocked, which leaves it open to access and modification from applications running in OS X. This contrasts with the recent Thunderstrike firmware vulnerability, which allowed hackers to take over firmware but required physical access to the system. Since this current vulnerability is triggered by way of malicious software, systems can be attacked remotely through trojan horses and other social-engineering approaches, but this also provides an avenue for protection.
‘Jellyfish’ proof-of-concept malware may inject keylogger on Macs
A proof-of-concept keylogging hack called Jellyfish has been in the news for exploiting security vulnerabilities in Windows and Linux systems, but according to ITWorld, a Mac version called MAC_JELLY is being worked on. This malware takes advantage of the graphics processing environments on modern PC systems, allowing a hacker to inject code that will monitor the system by way of a unique remote access trojan (RAT). While demonstrated on Windows and Linux systems, Apple’s OpenCL environment leaves Macs vulnerable as well.
Chinese authorities nab ‘WireLurker’ malware creators
The Beijing Municipal Bureau of Public Security has announced Chinese authorities have arrested and charged three individuals with developing and operating the Web sites responsible for the recent “WireLurker” malware attacks on Apple’s iOS systems.
The threat, which was found earlier this month, allowed hackers to install malware on iOS devices by way of vulnerabilities in Apple’s enterprise provisioning routines.