Apple security?

You remember the fable about Apple not needing security software? Things may have changed…

In last week’s TidBits, editor Rich Mogull takes on the challenge of finding and documenting the latest security updates from Apple. There are a lot more of them than you might think appropriate.

First, Rich tackles Apple’s first general Mac OS X security update of 2009, which patches a series of serious vulnerabilities. Seriously, did you think the Mac was not vulnerable?

Then he presents the Safari RSS fix, writing that “the most notable vulnerability patched is a flaw in how Safari handled links for RSS feeds…”, and points out how Brian Mastenbrook initially disclosed the nature of this vulnerability.

It’s an interesting read and includes some other security fixes and patches, including a few that potentially allow an attacker to run any code on your system. Scary stuff.

Well, at least all the fixes are available via Software Update or as a standalone download.

The whole story is found in issue 965 of TidBits.

http://db.tidbits.com/issue/965
http://support.apple.com/kb/HT3438
http://brian.mastenbrook.net/display/27

Stealthier Mac Attacks

Likewise, Technology Review’s Erica Naone reports on a new technique that lets hackers targeting Apple’s OS X cover their tracks more effectively.

Fans of Apple computers often boast about superior security. But as Macs have gained in popularity over the past few years, this has brought much more attention from hackers. At a presentation scheduled to take place today at the Black Hat DC computer-security conference in Washington, DC, one security expert will reveal a technique for attacking the Mac operating system–OS X–without leaving a trace.

Naone’s article cites work with an Italian tech student who reports:

the technique allows an attacker to break into a machine without leaving a trace in its permanent memory, which means that evidence of the attack will disappear as soon as the victim’s computer is turned off. Such a technique could be used, for example, in combination with another software flaw to covertly replace a legitimate version of Apple’s Safari Web browser with a malicious one that logs the user’s keystrokes and sends them to the attacker.

http://www.technologyreview.com/computing/22194/page1/

The time will come when Mac users need to be as vigilant against viruses, malware and intrusions as Windows users have been for years. I guess it’s just part of “growing up” and maturing in the market. As Macs become more popular, they become a bigger target for crime. And, since Macs are used by the more affluent, criminals know that a Mac user’s personal data is most likely worth more on the underworld markets.