Tuesday, April 1, 2008

March OSX News Makers

March 18 - Apple Released Its Gigantic Update.
  • Security Update 2008-002 fixes 95 security vulnerabilities found in different components of Mac OS X operating system.
  • Safari 3.1 fixes 13 security vulnerabilities found in Safari for Mac (10) and Windows (3).
March 20 - "iMunizator" The 2nd Rogue In Mac
  • iMunizator a rebranded version of MacSweeper.
  • It was first seen in Apple Discussions web site, where someone asked this question "What is iMunizator?"
  • Difference between the two:
      • iMunizatorSetup.dmg file size is 1.49Mb while MacSweeper 1.52Mb.
      • iMunizator company is iMunizator.com while MacSweeper is KiVVi Software.
      • iMunizator executable file size is 407,036 bytes while MacSweeper 407,468 bytes.
      • iMunizator resource folder does not contain TODO.txt.
      • If Last time, MacSweeper is sharing NS server with Cleanator (a known rogue program in windows) this time iMunizator.com neighbor is AntiSpywaredeluxe.com [] which is also a rogue program in Windows. iMunizator.com network information below:

March 27 - Mac OS X Hacked in 2 Minutes Read [CNET News]
      • VAIO VGN-TZ37CN running Ubuntu 7.10
      • Fujitsu U810 running Vista Ultimate SP1
      • MacBook Air running OSX 10.5.2
  • March 26 (1st Day) when the contest started. However, nobody was able to hacked any of these three operating systems in a limited resources and confined local network connection.
  • March 27 (2nd Day) when the attackers were given internet connection.
  • March 28 (3rd Day) when the attackers were allowed to use popular software to exploit.
  • The results are as follows:
      • On the 2nd day, Mac OS X was successfully hacked in 2 minutes using a zero-day exploit in Safari.
      • On the 3rd day, Vista was successfully hacked after 7 hours using zero-day exploit in Adobe Flash.
      • Linux stays intact and won against hackers.