Apple OS X Java Update

Apple have released an update that fixes the Flashback Trojan vulnerability:

Got to Software Updates and install it as soon as possible -

This Java security update removes the most common variants of the Flashback malware.

This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.

This update is recommended for all Mac users with Java installed.

For details about this update see: http://support.apple.com/kb/HT5242

Posted on April 13, 2012 by Jonathan Green and tagged Apple Flashback Mac OSX Malware Vulnerability.

Apple OSX Security Update

Apple has today released Security Update 2010-004 and Mac OS X v10.6.4.

Please go to Software Updates on your Mac to download.

Posted on June 16, 2010 by Jonathan Green and tagged Apple Mac OSX security updates.

Apple Safari Vulnerability

A vulnerability affecting Apple Safari has just been discovered.

By tricking the user into opening a malicious web page, an attacker may be able to execute arbitrary code. Exploit code for this vulnerability is publicly available.

The only fix available as of now, until Apple offers a patch, is to disable Javascript under 'Preferences', 'Security'

The other option is to use Firefox 3.6 with the NoScript add-on, or Google Chrome. It is likely that Google Chrome is not affected by this vulnerability.

Posted on May 10, 2010 by Jonathan Green and tagged Apple Mac Safari Vulnerability.

Mac OSX Security Update Available

Apple have a released security update 2010-003 which is recommended for all users and improves the security of Mac OS X.

Please go to Software Updates to download

Posted on April 15, 2010 by Jonathan Green and tagged Apple Mac OSX security updates.

Apple Store Spam

This email seems to be gaining popularity, probably due to the recent iPad release.

Anybody that knows Apple or who has ever had an email relating to an Apple Store order will immediately know that it's bogus.

The design and layout is about as un-Apple is it possibly could be.

As ever, be wary of any such emails arriving in your inbox, especially if they include a number of CC addresses, and start with 'Dear Customer'

If the recipient follows the link inside the message, it will take him to a compromised webpage containing just a single linked word: "Visit". While he is wondering why the link didn't take him to the App Store, an exploit pack by the name "Eleonore" is being downloaded onto his machine. If he follows the "Visit" link in the hope of getting to the App Store page, he will be taken to a "Canadian Pharmacy" website.

The exploit pack drops a fake AV Trojan, and users should be extra careful because this particular file has only a 29% detection rate according to VirusTotal.

Posted on April 10, 2010 by Jonathan Green and tagged Apple Apple Store spam spam.

Apple Quicktime Exploit

There is a known (but already patched) vulnerability the affects the following versions of Apple OSX and Quicktime:

Apple QuickTime Player 7.6.5
Apple QuickTime Player 7.6.4
Apple QuickTime Player 7.6.2
Apple QuickTime Player 7.6.1
Apple QuickTime Player 7.6
Apple Mac OS X Server 10.6.2
Apple Mac OS X Server 10.6.1
Apple Mac OS X Server 10.6
Apple Mac OS X 10.6.2
Apple Mac OS X 10.6.1
Apple Mac OS X 10.6

BUT this has already all been patched in the latest Apple 10.6.3 update. Therefore, if you didn't update your Apple OS last week, please go ahead and do so without delay.

Products that are NOT vulnerable are:

Apple QuickTime Player 7.6.6
Apple Mac OS X Server 10.6.3
Apple Mac OS X 10.6.3

The news here is to always stay current with all software updates.

Posted on April 8, 2010 by Jonathan Green and tagged Apple Mac OSX Quicktime Vulnerability.

How secure is your Mac?

Security expert Charlie Miller is due to disclose how he found 20 zero day Mac vulnerabilities at next weeks CanSecWest security conference.

Miller will stop short of exposing the actual vulnerabilities.

In a great analogy about PC security, Miller compared the Mac to a remote farmhouse without locks, suggesting that it's still a 'remote' enough platform to not be 'found' but is actually inherently insecure.

The days of safe Mac computing may well be numbered. We all expect the targeting to increase as the Mac's market share increases.

It's only a matter of time, but as long as you remain security conscious, the Mac is still currently the safest platform.

Posted on March 20, 2010 by Jonathan Green and tagged Apple Mac OSX vulnerabilities.

Safari Browser Update

Apple has just released a new security update for Safari, via its Software Update service.

This update is recommended for all Safari users and includes improvements to performance, stability, and security including:

Performance improvements for Top Sites
Stability improvements for 3rd-party plug-ins
Stability improvements for websites with online forms and Scalable Vector Graphics
Fixes an issue that prevented Safari from changing settings on some Linksys routers
Fixes an issue that prevented some iWork.com users from commenting on documents

For detailed information on the security content of this update, please visit this site:http://support.apple.com/kb/HT1222.

Please update your Macs.

Posted on March 12, 2010 by Jonathan Green and tagged Apple Safari security updates software update.