Vulnerabilities / Threats
5/25/2011
02:07 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Apple Promises MacDefender Fix

The impact of rogue security software attacks like MacDefender has prompted Apple to issue advice about the malware and to commit to issuing a software fix.

Building The Mac Office
(click image for larger view)
Slideshow: Building The Mac Office
After years of insisting that Mac OS X is more secure than Windows, Apple on Tuesday acknowledged that its systems may be affected by security issues too.

The company posted a support article on its website offering advice about how to avoid or remove MacDefender, fake security software that attempts to convince users to pay as much as $80 to remove malware that isn't actually present on users' machines.

Apple also said it plans to issue a software update shortly that will automatically find and remove non-infectious software components that MacDefender and its variants actually do deposit on affected Macs, such as aliases in the Login Items folder.

In so doing, Apple appears to have abandoned its previous practice of downplaying security issues, a tendency exemplified by the company's decision to remove a support webpage advocating the use of antivirus software in late 2008. The Web page was only up for about two weeks when Apple removed it.

Security software companies, which had been predicting more Mac malware for several years without much to show for it, saw Apple's recognition of the need for antivirus software, however brief, as vindication of their claims.

Apple meanwhile, in an uncharacteristic response to a question about security, insisted the whole incident was merely house cleaning. "We have removed the KnowledgeBase article because it was old and inaccurate," an Apple spokesperson said in an emailed statement in 2008. "The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100% immune from every threat, running antivirus software may offer additional protection."

In addition to downplaying security risks, Apple has been telling its support personnel to avoid advising customers about how to resolve security problems. The company's Apple Care representatives were told, "Explain that Apple does not make recommendations for specific software to assist in removing malware," according to internal documents obtained by ZDNet.

With Apple's recognition of the threat posed by MacDefender, security companies appear to be delighted. Chester Wisniewski, a security researcher at Sophos, a U.K.-based security vendor that makes Mac OS X security software, published a blog post welcoming Apple to the security community and tweaking the company for referring to MacDefender as a phishing scam, where blame belongs with gullible users rather than vulnerable software.

"We have observed that most users are being infected through malicious Web pages that are turning up in Google Image searches," wrote Wisniewski. "The malicious Web pages display a fake security scanner convincing the victim to load a program that is in fact malware."

MacDefender, which also appears under the names MacProtector and MacSecurity, utilizes JavaScript to present simulated Mac OS X dialog windows, through which it attempts to convince users that a computer infection exists.

Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud, as this Tech Center report explains. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4262
Published: 2014-07-28
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-...

CVE-2013-4840
Published: 2014-07-28
Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.

CVE-2013-7393
Published: 2014-07-28
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions...

CVE-2014-2974
Published: 2014-07-28
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

CVE-2014-2975
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.