Vulnerabilities / Threats
5/25/2011
02:07 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple Promises MacDefender Fix

The impact of rogue security software attacks like MacDefender has prompted Apple to issue advice about the malware and to commit to issuing a software fix.

Building The Mac Office
(click image for larger view)
Slideshow: Building The Mac Office
After years of insisting that Mac OS X is more secure than Windows, Apple on Tuesday acknowledged that its systems may be affected by security issues too.

The company posted a support article on its website offering advice about how to avoid or remove MacDefender, fake security software that attempts to convince users to pay as much as $80 to remove malware that isn't actually present on users' machines.

Apple also said it plans to issue a software update shortly that will automatically find and remove non-infectious software components that MacDefender and its variants actually do deposit on affected Macs, such as aliases in the Login Items folder.

In so doing, Apple appears to have abandoned its previous practice of downplaying security issues, a tendency exemplified by the company's decision to remove a support webpage advocating the use of antivirus software in late 2008. The Web page was only up for about two weeks when Apple removed it.

Security software companies, which had been predicting more Mac malware for several years without much to show for it, saw Apple's recognition of the need for antivirus software, however brief, as vindication of their claims.

Apple meanwhile, in an uncharacteristic response to a question about security, insisted the whole incident was merely house cleaning. "We have removed the KnowledgeBase article because it was old and inaccurate," an Apple spokesperson said in an emailed statement in 2008. "The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100% immune from every threat, running antivirus software may offer additional protection."

In addition to downplaying security risks, Apple has been telling its support personnel to avoid advising customers about how to resolve security problems. The company's Apple Care representatives were told, "Explain that Apple does not make recommendations for specific software to assist in removing malware," according to internal documents obtained by ZDNet.

With Apple's recognition of the threat posed by MacDefender, security companies appear to be delighted. Chester Wisniewski, a security researcher at Sophos, a U.K.-based security vendor that makes Mac OS X security software, published a blog post welcoming Apple to the security community and tweaking the company for referring to MacDefender as a phishing scam, where blame belongs with gullible users rather than vulnerable software.

"We have observed that most users are being infected through malicious Web pages that are turning up in Google Image searches," wrote Wisniewski. "The malicious Web pages display a fake security scanner convincing the victim to load a program that is in fact malware."

MacDefender, which also appears under the names MacProtector and MacSecurity, utilizes JavaScript to present simulated Mac OS X dialog windows, through which it attempts to convince users that a computer infection exists.

Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud, as this Tech Center report explains. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Why else would HR ask me if I have a handicap?"
Current Issue
The Changing Face of Identity Management
Mobility and cloud services are altering the concept of user identity. Here are some ways to keep up.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.