Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
10.2K views | +0 today
Follow
Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
Everything related to the (in)security of Apple products
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

Mac Malware Spies On Email, Survives Reboots

Mac Malware Spies On Email, Survives Reboots | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Crisis malware lets attackers install without an administrator password and intercept email, IM, and other communications.

 

Mac users, beware new malware targeting Apple OS X systems that's disguised as an Adobe Flash Player installer.
That warning comes via antivirus software vendor Kaspersky Lab, which said it first spotted the Crisis malware--also known as Morcut--last week.

 

While not widespread, the malware's ability to intercept email and IM, among other features, demonstrates that malicious applications written to target Macs can be just as powerful as malware that comes gunning for PCs.

 

Read more, a MUST...:

http://www.informationweek.com/news/security/attacks/240004583?cid=RSSfeed_IWK_security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Mac OS X Targeted By Clever New Trojan

Mac OS X Targeted By Clever New Trojan | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
A new Trojan dubbed 'OSX/Crisis' has been discovered which takes sneaky to a whole new level for infecting Mac OS X systems.

 

Andrew, director of security operations for nCircle, declared, “Mac malware is no joke. Despite Apple’s marketing hype about security, it should be obvious to everyone that their devices are susceptible to malware. Earlier this year the Flashback Trojan infected hundreds of thousands of Macs. The new OSX/Crisis malware is another Apple wake up call.”

 

For many Mac users, though, there is still a disconnect between realizing that the threat landscape has shifted, and actually doing something about it.

 

===> Mac users need to embrace the mindset that has been conditioned into Windows users over time, and install antimalware and other security tools to proactively protect against new attacks. <===

 

 

 ===> “Mac users are going to have to learn to be more security minded and Apple needs to step up and offer users practical, effective security support.” <===

 

Read more, a MUST:

http://www.pcworld.com/businesscenter/article/259963/mac_os_x_targeted_by_clever_new_trojan.html#tk.rss_main

 

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Why Apple wanted AuthenTec: Thwart Samsung, Android in BYOD

Why Apple wanted AuthenTec: Thwart Samsung, Android in BYOD | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Summary: If Apple didn't buy AuthenTec, a cash strapped mobile security player, it's likely another rival would have. Apple's courtship of the enterprise via the bring your own device continues.

 

 

Gust MEES: Check also my free course about BYOD here http://gustmees.wordpress.com/2012/07/07/bring-your-own-device-advantages-dangers-and-risks/

 

 

Read more:

http://www.zdnet.com/why-apple-wanted-authentec-thwart-samsung-android-in-byod-7000001722/

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

All eyes on Apple with it set to take security public

All eyes on Apple with it set to take security public | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
In a first, Apple manager scheduled to take stage Thursday at Black Hat to discuss security technologies in iOS...

 

Beyond Flashback, research has shown that Macs are carrying malware unbeknownst to users. A security scan of 100,000 Macs found 3 percent infected with Mac-capable malware, according to anti-virus vendor Sophos. When Windows malware was included, one in five Macs were found to be harboring some type of malware.

 

While the Mac has been the primary target, hackers are taking notice of iOS. This month, Kaspersky Lab reported finding an iOS Trojan that uploaded a user's address book to a remote server. Spam messages with a URL to the application, called "Find and Call," were sent from the server to all the users' contacts.

 

For years hackers focused on Microsoft Windows PCs instead of Apple products, which had a fraction of the market share. Today,

 

===> Apple's success in selling the iPhone and iPad have made it the world's most valuable company and its products a potentially lucrative target for cybercriminals. <===

 

Read more:

http://www.csoonline.com/article/712227/all-eyes-on-apple-with-it-set-to-take-security-public?utm_source=dlvr.it&amp;utm_medium=twitter

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

New Mac malware spies on you via Adium, Firefox, Safari, Skype

New Mac malware spies on you via Adium, Firefox, Safari, Skype | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Summary: A new Mac OS X Trojan referred to as OSX/Crisis silently infects OS X 10.6 Snow Leopard and OS X 10.7 Lion. It then spies on the user by monitoring Adium, Firefox, Microsoft Messenger, Safari, and Skype.

 

Read more:

http://www.zdnet.com/new-mac-malware-spies-on-you-via-adium-firefox-safari-skype-7000001665/

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Sécurité informatique : Apple sera présent à la conférence Black Hat

Sécurité informatique : Apple sera présent à la conférence Black Hat | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple parlera de la sécurité d'iOS lors de la conférence Black Hat qui se tient du 21 au 26 juillet 2012 à Las Vegas. C’est la première participation de la marque à la pomme à ce rendez-vous.

 

Non seulement Apple sera présent à la conférence Black Hat sur la sécurité informatique, mais le constructeur y fera aussi une déclaration. Le dirigeant de la plateforme sécurité de chez Apple, Dallas De Attley, montera sur la scène lors de l’événement, qui a lieu du 21 au 26 juillet à Las Vegas. Il parlera entre autres des systèmes de sécurité d’iOS, le système d’exploitation mobile d'Appel pour ses Iphone, iPad et iPod touch.

 

En savoir plus :

http://www.cnetfrance.fr/news/securite-informatique-apple-sera-present-a-la-conference-black-hat-39774556.htm#xtor=RSS-300021

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

New OSX/Crisis malware found for OS X 10.6 and 10.7

New OSX/Crisis malware found for OS X 10.6 and 10.7 | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
While the mode of infection is currently unknown, this new threat has uniquenesses over past malware for OS X. Read this blog post by Topher Kessler on MacFixIt.

 

Read more:

http://reviews.cnet.com/8301-13727_7-57479015-263/new-osx-crisis-malware-found-for-os-x-10.6-and-10.7/

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple tries to block iOS in-app purchase hack, fails

Apple tries to block iOS in-app purchase hack, fails | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Summary: Apple is working hard to fight the hacking of its In-App Purchase program for iOS. So far though, the company's attempts have not deterred Russian developer Alexey Borodin who apparently wants Cupertino to fix the underlying problem rather than just trying to block his in-appstore.com service.

 

Read more:

http://www.zdnet.com/apple-tries-to-block-ios-in-app-purchase-hack-fails-7000000985/

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Kaspersky meldet die erste Malware in Apples App Store

Kaspersky meldet die erste Malware in Apples App Store | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

Kaspersky meldet die erste Malware in Apples App Store


Die schädliche Anwendung heißt “Find and Call”. Sie liest das Telefonbuch aus und verschickt Spam-Nachrichten an alle Kontakte. Sie stand auch in Google Play zur Verfügung. Aus beiden Marktplätzen ist sie inzwischen entfernt worden.

 

Weiter lesen:

http://www.itespresso.de/2012/07/06/kaspersky-meldet-die-erste-malware-in-apples-app-store/

 

more...
No comment yet.
Rescooped by Gust MEES from Apps and Widgets for any use, mostly for education and FREE
Scoop.it!

Phonebook-slurping, spam-sending app found in App Store

Phonebook-slurping, spam-sending app found in App Store | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

 

 

 

 

A malicious app that slurps mobile users' phonebooks and uploads them to a remote server has been spotted being offered both on Google Play and Apple's App Store.

 

 

 

 

 

 

Read more:

http://www.net-security.org/malware_news.php?id=2174

 


Via Gust MEES
more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

How secure are Apple's iPhone and iPad from malware, really?

How secure are Apple's iPhone and iPad from malware, really? | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

In the five years since the first iPhone was released, there has never been a serious known case of iOS malware on an non-jailbroken device.

Virtually every version of iOS has been quickly jailbroken (that is, modified to allow installation of apps and hacks not authorized by Apple or the mobile carrier).

 

Jailbreaking is accomplished by exploiting security vulnerabilities in iOS. The same exploits used to jailbreak (an arguably legitimate hack) could just as easily be used to infect an iOS device with malware.

 

Read more to know the possible dangers and be aware:

http://nakedsecurity.sophos.com/2012/06/29/apple-mobile-device-security/?utm_source=twitter&amp;utm_medium=NakedSecurity&amp;utm_campaign=naked%252Bsecurity

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

MacOS X Mountain Lion kontaktiert täglich Apple-Server

MacOS X Mountain Lion kontaktiert täglich Apple-Server | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apples MacOS X Moutain Lion wird täglich in Kontakt mit den Update-Servern von Apple treten, um nach neuen Sicherheitsupdates zu suchen und diese dann zu installieren. Apple will so die Sicherheit des Betriebssystems weiter verbessern.

 

Weiter lesen:

http://www.pcwelt.de/news/Mehr-Sicherheit-MacOS-X-Mountain-Lion-kontaktiert-taeglich-Apple-Server-5968738.html?r=561528226505638&amp;lid=182653

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple l'admet : il y a des virus sur Mac !

Apple l'admet : il y a des virus sur Mac ! | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Il semble bien que le mythe du Mac infaillible soit en train de tomber. Après l'épisode Flashback (un malware ciblant exclusivement les ...

 

La maturité pour Apple ?

Lorsque l'on regarde l'ancienne version de la page, le discours passé d'Apple fait sourire. Il était temps que l'entreprise redescende sur terre, et reconnaisse enfin la vulnérabilité de son OS aux menaces des cybercriminels.

 

L'épisode Flashback y est certainement pour quelque chose. L'entreprise à la pomme a sûrement pris conscience de quelque chose. On espère que cela la poussera à se focaliser davantage sur la sécurité, de même que ses consommateurs (qui se croient encore trop souvent hors d'atteinte).

 

En savoir plus :

http://www.linformaticien.com/actualites/id/25390/apple-l-admet-il-y-a-des-virus-sur-mac.aspx

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Where are the Safari security updates for Windows and Snow Leopard? Users left exposed

Where are the Safari security updates for Windows and Snow Leopard? Users left exposed | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

Apple released Safari 6 as part of its new Mac operating system, OS X Mountain Lion, as well as a version for Lion that fixes a whopping 121 security vulnerabilties.

 

Unfortunately, Apple did not release security updates for Safari for either Snow Leopard or Windows to coincide with the release of Safari 6.0.


===> Unfortunately for Apple, ignoring security issues that affect a large percentage of users does not make the security issues disappear. <===

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple acquires fingerprint scanner firm AuthenTec

Apple acquires fingerprint scanner firm AuthenTec | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple has snapped up AuthenTec, a Delaware-based company that specializes in security systems such as fingerprint scanners.

 

So what does Apple want with AuthenTec? Are we about to see fingerprint scanners embedded in all our MacBooks? My guess is not so much on that front. But AuthenTec makes security-related products for other platforms, too. For example, the company has helped develop a system for Android devices where a fingerprint scanner is used in conjunction with mobile wallet functionality, as a way to secure payments.

 

Apple does tend to acquire small companies from time to time, usually in areas that it wants to control. For example, the company acquired a number of mapping firms that formed the basis of its iOS 6 mapping technology, bought up chip-maker PA Semi so it could design its own processor, and purchased Siri to make, well, Siri. In all of those cases, there was some lag time between the acquisition of the firm and the revelation of exactly what Apple was doing with the technology; if that holds true in this case, then a year or so from now, we’ll probably have the answer.

 

Apple did not respond to Macworld's request for comment as of this writing.

 

Gust MEES: something to watch in the future...

 

Read more:

http://www.macworld.com/article/1167917/apple_acquires_fingerprint_scanner_firm_authentec.html#lsrc=twt_macworld

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Mac malware spies on infected users through video and audio capture

Mac malware spies on infected users through video and audio capture | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
After further analysis, more information has emerged about the Morcut Mac OS X malware which was discovered this week.

 

Clearly OSX/Morcut-A was created with spying in mind, as its code includes hooks to control/monitor the following operations:

 

mouse coordinates
instant messengers (for instance, Skype [including call data], Adium and MSN Messenger)
location
internal webcam
clipboard contents
key presses
running applications
web URLs
screenshots
internal microphone
calendar data & alerts
device information
address book contents


===> In short, if this malware managed to infect your Mac computer it could learn an awful lot about you, and potentially steal information which could read your private messages and conversations, and open your email and other online accounts. <===

 

Read more:

http://nakedsecurity.sophos.com/2012/07/26/mac-malware-spies-morcut-crisis/?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29

 

 

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple plugs staggering number of holes in Safari browser

Apple plugs staggering number of holes in Safari browser | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple has released an update to its Safari browser, version 6, that plugs 121 security holes, most of which involve the WebKit rendering engine.

 

The Safari update fixes a staggering 121 vulnerabilities, 117 of those flaws in WebKit, a browser engine designed to render HTML webpages. Most of the WebKit vulnerabilities could result in an unexpected application termination or arbitrary code execution if the user visits a maliciously created website, according to the security update.

 

Apple also patched two issues with the handling of feed:// URLs – one is a cross-site scripting vulnerability that could be exploited if a user visited a maliciously crafted site, and the other is an access control issue that could be exploited to send files from a user’s system to a remote server.

 

Another Safari fix resolves a problem in which passwords may autocomplete even when the site specifies that autocomplete should be disabled.

 

Read more:

http://www.infosecurity-magazine.com/view/27219/apple-plugs-staggering-number-of-holes-in-safari-browser/?utm_source=twitterfeed&amp;utm_medium=twitter

 

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

After Malware Scare, Apple Makes First Appearance at Black Hat Conference

After Malware Scare, Apple Makes First Appearance at Black Hat Conference | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple will be making its first appearance at computer security conference Black Hat Thursday.

 

The first iOS malware app was confirmed earlier this month. Called “Find and Call” the app would have users upload all of their contact information to a server that would them spam all of their contacts with messages that appeared to come from the victim’s phone.

Hackers have started to pay more attention to the OSX platform.

 

Previously thought to be free from viruses and attacked, Apple computers have started to see a rise in malicious software attacks.

 

Read more:

http://mashable.com/2012/07/24/apple-black-hat/

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

New Mac backdoor Trojan spotted

New Mac backdoor Trojan spotted | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

A new Mac Trojan - dubbed Crisis or Morcut - has been spotted but, luckily, not in the wild.

 

Security firms Intego and Sophos have picked up samples from Virus Total, which shares the samples submitted to it with AV developers, and the fact that it could be found only there shows that the threat is extremely low risk.

 

Nevertheless, the malware itself is far from harmless.

It can compromise the last two version of Apple's OS X (10.6 and 10.7) and it doesn't require a password to be entered to do it.

 

Read more:

http://www.net-security.org/malware_news.php?id=2197&amp;utm_source=dlvr.it&amp;utm_medium=twitter

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple to block in-app purchase hack in iOS 6, offers interim fix

Apple to block in-app purchase hack in iOS 6, offers interim fix | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Summary: Apple has announced it iOS 6 will block the hacking of its In-App Purchase program. The company has also offered a temporary fix for app developers. if your app is affected, don't wait around for iOS 6.
more...
No comment yet.
Rescooped by Gust MEES from ICT Security-Sécurité PC et Internet
Scoop.it!

Multi-Platform Java Exploit Targets Macs, Linux, Windows

Multi-Platform Java Exploit Targets Macs, Linux, Windows | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
If allowed to run, a malicious Java applet checks the user's operating system and delivers a payload customized for that platform, whether it's Windows, Mac OS X, or Linux.

 

Read more:

http://www.securityweek.com/multi-platform-java-exploit-targets-macs-linux-windows

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple iOS App Store hit by first malware app

Apple iOS App Store hit by first malware app | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
A dodgy spam app has been detected for the first time in Apple's iOS App Store.

 

 

 

===> Be Aware of the Malware! Protect your devices! <===

 

Read more:

http://crave.cnet.co.uk/software/apple-ios-app-store-hit-by-first-malware-app-50008523/

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

OSX.Macontrol Back at It Again

OSX.Macontrol Back at It Again | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

Most recently, we have come across a new variant of OSX.Macontrol (first seen in March 2012). This current sample appears to be spread through targeted email and has a very low distribution rate. The binary [md5 - e88027e4bfc69b9d29caef6bae0238e8] is small in size (75kB) and provides little functionality other than a backdoor to a remote host (61.178.77.16x).

 

The web server appears to be a custom HTTP command and control server that can collect and modify system settings. HTTP command and control allows the attacker to evade detection by sending commands that appear to be clean, normal web traffic.

 

OSX.Macontrol has the ability to:

 

- Close the connection to the remote location and end the threat
- Collect information regarding the compromised computer and send it back to the remote server
- Send the process list of the compromised computer to the remote server
- End processes
- Fork running processes
- Retrieve the install path of the Trojan
- Delete files
- Run files
- Send files to the remote server
- Send user status and information to the remote server
- Log out the current user
- Put the compromised computer to sleep
- Restart the compromised computer
- Shut down the compromised computer

 

===> To ensure that you are protected, please make sure your AV definitions are always up to date. Also, please do not download or open attachments from senders that you do not recognize. <===

 

Symantec Note: We were able to connect with Apple and they stated they updated their OS X malware definitions recently to address this version of Macontrol.

 

Read more:

http://www.symantec.com/connect/blogs/osxmacontrol-back-it-again

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Mac espionage trojan targets Uighur activists

Mac espionage trojan targets Uighur activists | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
The Uighur Muslim minority group is being targeted in a new APT campaign that targets Mac users and is difficult to detect.

 

 

 

 

Read more:

http://www.scmagazine.com/mac-espionage-trojan-targets-uighur-activists/article/248056/?utm_source=dlvr.it&amp;amp;utm_medium=twitter

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Mac malware, be aware! Forewarned is Forearmed!

In the past, few viruses have targeted Apple operating systems -- but this is gradually changing. The increased popularity of Apple smart devices has led some cybercriminals to exploit a traditionally ignored audience.

 

IT admins needs to educate their users about this growing threat and implement a business antivirus solution for Macs as they do for PCs.

 

Video here:

http://www.youtube.com/watch?v=MOflZBB4qGc

 

more...
No comment yet.