Showing posts with label apple security update. Show all posts
Showing posts with label apple security update. Show all posts

Tuesday, April 15, 2008

Q1 Mac Threats RoundUp

The first quarter of this year has gone so fast but for Mac threats everything just started. Let's take a review on Q1 notable threats, the overall perspective on malware categories and OS X reported vulnerabilities and fixes.

Q1 Notable Threats

Trojan.OSX.DNSChanger

Description: This is a malicious Trojan that uses social engineering technique to entice users to manually install the program. It arrives to users as a disguised video codec and associates itself with shared and downloadable videos. During installation, this Trojan modifies users’ DNS IP address to point to its own malicious servers. Infected user will suddenly experience unusual results in its entire web browsing activity.

This trojan is currently seen in-the-wild.

RogueAntiSpyware.OSX.MacSweeper

Description: MacSweeper is a rogue application which uses deceptive sales and marketing techniques to get onto the users’ system. It usually arrives to users as an pop-up advertisements, where it redirect users to download the file.

This is the first rogue application for Mac OS X.

RogueAntiSpyware.OSX.Imunizator

Description: Imunizator is a re-branded version of MacSweeper. It is an exact copy of MacSweeper except for its new name.

Application.OSX.LogKext

Description: LogKext is a free and powerful kernel base Keylogger in Mac OS X. This keylogger has a full stealth capabilities and it is controlled by a command-line client called logKextClient. A new version was recently released in public.

Percentage per Malware Categories


OS X Vulnerabilities


Posted by Methusela Cebrian Ferrer at 9:03 PM
Labels: , , , , ,

Thursday, December 20, 2007

Apple Security Updates: Significant Increase this Year

Last December 17, Apple released its 9th Security Updates for this year. This update fixes multiple vulnerabilities in Mac OS X that were found highly critical and could lead to privilege escalation, system access and denial of service. Nearly half of this update intends to fix vulnerabilities that allows execution of arbitrary code, if successfully exploited.

This year, there are 5 large updates that we had seen. The first was released in March which fixes 32 vulnerabilities, then followed by April, July, November and this month. These 9 security updates from Apple has fixed almost 200 bugs which is about half of last year count.

Apparently, the growing popularity of Macintosh computers will continue this trend, attracting more and more attackers. This is one of the hot stuff we should watch for next year - 2008.

Reference:
For complete list of Apple Security Update: http://docs.info.apple.com/article.html?artnum=61798

2007 Mac OS X Vulnerability Impact (source: Secunia)








Posted by Methusela Cebrian Ferrer at 9:42 PM
Labels: , , , , , , ,
Subscribe to: Posts (Atom)