Vulnerabilities / Threats
5/25/2011
02:07 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple Promises MacDefender Fix

The impact of rogue security software attacks like MacDefender has prompted Apple to issue advice about the malware and to commit to issuing a software fix.

Building The Mac Office
(click image for larger view)
Slideshow: Building The Mac Office
After years of insisting that Mac OS X is more secure than Windows, Apple on Tuesday acknowledged that its systems may be affected by security issues too.

The company posted a support article on its website offering advice about how to avoid or remove MacDefender, fake security software that attempts to convince users to pay as much as $80 to remove malware that isn't actually present on users' machines.

Apple also said it plans to issue a software update shortly that will automatically find and remove non-infectious software components that MacDefender and its variants actually do deposit on affected Macs, such as aliases in the Login Items folder.

In so doing, Apple appears to have abandoned its previous practice of downplaying security issues, a tendency exemplified by the company's decision to remove a support webpage advocating the use of antivirus software in late 2008. The Web page was only up for about two weeks when Apple removed it.

Security software companies, which had been predicting more Mac malware for several years without much to show for it, saw Apple's recognition of the need for antivirus software, however brief, as vindication of their claims.

Apple meanwhile, in an uncharacteristic response to a question about security, insisted the whole incident was merely house cleaning. "We have removed the KnowledgeBase article because it was old and inaccurate," an Apple spokesperson said in an emailed statement in 2008. "The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100% immune from every threat, running antivirus software may offer additional protection."

In addition to downplaying security risks, Apple has been telling its support personnel to avoid advising customers about how to resolve security problems. The company's Apple Care representatives were told, "Explain that Apple does not make recommendations for specific software to assist in removing malware," according to internal documents obtained by ZDNet.

With Apple's recognition of the threat posed by MacDefender, security companies appear to be delighted. Chester Wisniewski, a security researcher at Sophos, a U.K.-based security vendor that makes Mac OS X security software, published a blog post welcoming Apple to the security community and tweaking the company for referring to MacDefender as a phishing scam, where blame belongs with gullible users rather than vulnerable software.

"We have observed that most users are being infected through malicious Web pages that are turning up in Google Image searches," wrote Wisniewski. "The malicious Web pages display a fake security scanner convincing the victim to load a program that is in fact malware."

MacDefender, which also appears under the names MacProtector and MacSecurity, utilizes JavaScript to present simulated Mac OS X dialog windows, through which it attempts to convince users that a computer infection exists.

Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud, as this Tech Center report explains. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0607
Published: 2014-07-24
Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.

CVE-2014-1419
Published: 2014-07-24
Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

CVE-2014-2360
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.

CVE-2014-2361
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

CVE-2014-2362
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.