Security issue in OS X, Safari, Mail, ...

Apple products and Mac operating systems. Including discussions on Virtual PC for Mac, Parallels Desktop for Mac, all Apple hardware and everything relating to Apple and Mac!
(MacCentre701)

Security issue in OS X, Safari, Mail, ...

Postby Antony » Sun 26 Feb, 2006 12:47 am

This thread is to provide some organised information regarding security holes, viruses, worms etc that targets Mac OS X and Safari, Mail.app.

This thread will be updated from time to time. To discuss each individual case, please follow each each thread.

OSX/Leap-A: [sdt=10877]thread[/sdt]
cause: A proof-of-concept piece of malware, the worm attempts to spread via iChat instant messaging. The worm sends itself to available contacts on the infected users' buddy list in a file called "latestpics.tgz" This worm requires users to enter administrator password.

official words: "Leap-A is not a virus, it is malicious software that requires a user to download the application and execute the resulting file."

solution: (obvious,) don't launch untrusted applications.
update solution: install [sdt=10971]Security Update 2006-001[/sdt]

Safari (launches unsafe file) [sdt=10910]thread[/sdt]
cause: (by default) Safari launches downloaded ZIP archives by itself, no user interaction.

solution: Go to Safari's preferences, and in General preferences un-tick “Open "safe" files after downloadingâ€
UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8
User avatar
Antony
diamond member
diamond member
 
Posts: 15483
Joined: Tue 18 Jun, 2002 11:36 pm
Location: Sydney, Australia

Postby Antony » Thu 11 May, 2006 11:19 pm

[sdt=11366]Security Updates 2006-003[/sdt] is now available for Mac OS X 10.4.6 and 10.3.9 users.
UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.2
User avatar
Antony
diamond member
diamond member
 
Posts: 15483
Joined: Tue 18 Jun, 2002 11:36 pm
Location: Sydney, Australia

Postby Antony » Tue 28 Nov, 2006 10:57 pm

installer issue ("[sdt=12438]iAdware[/sdt]") was addressed in [sdt=12455]Security 2006-007[/sdt]
UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3
User avatar
Antony
diamond member
diamond member
 
Posts: 15483
Joined: Tue 18 Jun, 2002 11:36 pm
Location: Sydney, Australia

Postby Antony » Wed 14 Mar, 2007 12:26 pm

According to Cnet News.com, Apple fixed 45 security holes in [sdt=13132]Mac OS X 10.4.9 update[/sdt] and [sdt=13131]Security Updates 2007-003 for Panther[/sdt].

It deals with vulnerabilities in Apple's own software, as well as third-party components such as Adobe Systems' Flash Player, OpenSSH and MySQL. Sixteen of the vulnerabilities addressed by the update were previously released as part of two high-profile bug-hunting campaigns.

(...)

Tuesday's update deals with nine vulnerabilities released as part of the Month of Apple Bugs in January and seven bugs disclosed in the Month of Kernel Bugs in November. In earlier fix releases, Apple fixed several flaws identified during the projects.


For more detail, please read Apple megapatch plugs 45 security holes (Cnet news.com)
UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2
User avatar
Antony
diamond member
diamond member
 
Posts: 15483
Joined: Tue 18 Jun, 2002 11:36 pm
Location: Sydney, Australia


Return to Mac OS and Apple

Who is online

Registered users: Baidu [Spider], Bing [Bot], Google [Bot], Majestic-12 [Bot]