Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...

There is a vulnerability buried deep in the firmware of many Apple laptops that could allow an attacker to overwrite the machine’s BIOS and install a rootkit, gaining complete control of the Mac.

The vulnerability lies in the UEFI system on some older MacBooks, and researcher Pedro Vilaca discovered that after a MacBook is put to sleep and then brought back up, the machine’s low-level firmware is left unlocked.

Mehr erfahren/Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=EFI

“It means that you can overwrite the contents of your BIOS from userland a rootkit EFI without any other tricks other than a suspend-resume cycle, a kernel extension, flashrom, and root access.

“The bug can be used with a Safari or other remote vector to install an EFI rootkit without physical access [provided] a suspended happens in the current session … you could probably force the suspend and trigger this, all remotely. That’s pretty epic ownage.”

Apple has been contacted for comment.

Flash locks are removed when machines enter a sleep state for about 30 seconds or more, allowing attackers to update the flashrom contents from userland including EFI binaries.

Affected models include the MacBook Pro Retina, and Pro, and MacBook Airs, each running the latest EFI firmware updates.

Some of the latest machines are not affected leading Vilaça to think Apple is aware of the vulnerability.

“If they (Apple) indeed knew about the bug – because I don’t believe it’s a coincidence not working in latest machines – then they keep their pattern of not patching older versions,” he says.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=EFI

Apple fixes a large number of vulnerabilities with security updates for OS X, iOS, Apple TV and Safari

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

SymantecTV : Are Mac Users safe from Malware? Not as much as you might think. Symantec's Security Expert Kevin Haley breaks down the Mac's invincibility myth. Learn why Malware authors are targeting unsuspecting Mac users and why you should be protected.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

Researchers at BAE just reported on a Mac bot known as OSX/Agent-ANTU that was allegedly distributed in a novel way.

The crooks used a security hole in a controversial Mac security and cleanup utility called MacKeeper.

MacKeeper quickly patched the hole after it became known, but until you received the update you were at risk of a Remote Code Execution (RCE) hole.

As long as you were unpatched, a crook could simply entice or redirect you to a poisoned website, and use a single line of JavaScript to send a command script to MacKeeper, which would then run it.

Unfortunately, according to BAE, some crooks struck while the iron was hot.

The crooks sent unpatched MacKeeper users to a web page that tricked their Macs into downloading the OSX/Agent-ANTU malware.

Here are some examples we've seen over the years where the Windows malware "playbook" has been followed, in some cases extremely effectively, on OS X:

2012: Java-based exploit. The Flashback malware was injected onto your Mac via an unpatched Java bug. Flashback was a bot, or zombie, meaning that crooks could remotely send it instructions to help them commit further cybercrime. Estimates suggest that more than 600,000 Macs ended up infected, supposedly including "274 from Cupertino."

2013: Word-based exploit. SophosLabs reported on attackers using an exploitable bug in Microsoft Word for Mac to target Chinese minority groups. If you opened a booby-trapped document, disguised as some sort of political commentary, the crooks got control of your Mac via zombie malware called OSX/Agent-AADL.

2014: Fake "undelivered item" documents. If you opened the bogus PDF file, really an application in disguise, you could end up infected with a data-stealing Trojan called OSX/LaoShu-A. Amongst other things, this one would find files such as documents, spreadsheets, presentations and archives...and send them to the crooks.

So, if you haven't yet crossed the bridge and become a Mac anti-virus user, now would be a good time to give it a go.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

Ein Sicherheitsexperte hat eine schwere Sicherheitslücke im Ruhemodus der Macs entdeckt.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=EFI

Almost five years ago, Intego security researchers warned about the OSX/OpinionSpy spyware infecting Mac computers, downloaded during the installation of innocent-sounding applications and screensavers distributed via well-known sites such as MacUpdate and VersionTracker.

Once compromised, infected Macs could leak data and open a backdoor for further abuse.

Now, sadly, a variant of OpinionSpy seems to be making something of a comeback.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

A security researcher has discovered a way to infect Macs with malware virtually undetectable, that 'can't be removed,' and which can be installed using a modified Apple gigabit Ethernet Thunderbolt adapter.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

Pour l’instant, plus de peur que de mal
Wirelurker s’attaquerait dans un premier temps aux ordinateurs fonctionnant sous OS X, puis surveille les connexions d’appareil iOS via USB au Mac infecté. C’est cette particularité qui a retenu l’attention de la plupart des chercheurs en sécurité. Jonathan Zdziarski explique ainsi que « si Wirelurker apparait être encore très jeune […] et facile à détecter, le réel problème est ici celui posé par le manque de sécurisation du système d’appariement d’Apple. »

Si le nom de Zdziarski vous évoque confusément quelque chose sans que vous parveniez à remettre le doigt dessus, il est le chercheur à l'origine de la récente polémique autour des backdoors de maintenance découverts sur les terminaux Apple cet été.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security?q=wirelurker