Re: thunderstrike revisited
|
Joined: Aug 2009
Likes: 7
|
Jon
macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
|
|
Re: thunderstrike revisited
|
|
Joined: Aug 2009
|
So is Apple abandoning security update for (current os - 1) ?
I work for the Department of Redundancy Department
|
|
Fake Safari update installs MacKeeper, ZipCloud
|
|
Joined: Aug 2009
|
I work for the Department of Redundancy Department
|
|
Re: thunderstrike revisited
|
|
Joined: Aug 2009
|
More information here: https://blog.malwarebytes.org/mac/2015/07/privilege-escalation-vulnerability-found-in-os-x/
Fortunately, the bug only exists in Yosemite (OS X 10.10), while previous versions of OS X and betas of El Capitan (OS X 10.11) are unaffected. The bigger problem in this story is the fact that this vulnerability, along with all the necessary information to exploit it, was disclosed by Esser without any effort to alert Apple to the problem. (In his blog post revealing the vulnerability, Esser says “At the moment it is unclear if Apple knows about this security problem or not.”)
Oh, what a nice guy...
I work for the Department of Redundancy Department
|
|
Re: thunderstrike revisited
|
|
Joined: Aug 2009
|
Good info, V1, thanks! Alas, now I wonder if I should or need to remove MalwareBytes Anti-Malware. Waddya think?
Harv 27" i7 iMac (10.13.6), iPhone Xs Max (12.1)
Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: thunderstrike revisited
|
Joined: Aug 2009
Likes: 3
Moderator
|
So is Apple abandoning security update for (current os - 1) ?
It appears that the vulnerability doesn't exist in prior OS versions.
dkmarsh—member, FineTunedMac Co-op Board of Directors
|
|
Re: thunderstrike revisited
|
Joined: Aug 2009
Likes: 1
Moderator
|
... now I wonder if I should or need to remove MalwareBytes Anti-Malware. Waddya think?
I may be missing something, but I fail to see the logic of removing MAM in this context. After all, MAM is only the messenger here. Shooting it isn’t going to do much for you, quite probably to the contrary. Remember, MAM is essentially a monitor, until you tell it to do something specific. So far, there is no indication that any of its actions are deleterious in and by themselves (other than to the affected malware, that is). Beyond that, just as surgery may require rehab, that may also apply to malware removal, i.e. reinstalling malware-affected software etc.
alternaut ◉ moderator
|
|
Re: thunderstrike revisited
|
Joined: Aug 2009
Likes: 1
|
The problem was partially, but not completely, fixed in 10.10.4. It is completely fixed in 10.10.5, which is now being seeded to Apple developers.
|
|
Re: thunderstrike revisited
|
Joined: Aug 2009
Likes: 7
|
Last edited by jchuzi; 08/16/15 01:32 PM.
Jon
macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
|
|
Re: thunderstrike revisited
|
|
Joined: Aug 2009
|
wheeeee! so now they can patch the patch that patched the patch!
I work for the Department of Redundancy Department
|
|
Re: thunderstrike revisited
|
Joined: Aug 2009
Likes: 7
|
Here's another: New Zero-Day memory injection vulnerability discovered in OS X
Quote: "As with other exploits for OS X, this does require you download a faulty and malicious program, and then run this program."
Jon
macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
|
|
Re: thunderstrike revisited
|
|
Joined: Aug 2009
|
As a result, you might be better off waiting for an official fix from Apple, and in the mean time simply observe good computing practices and avoid running any program unless you know exactly where it came from and understand its purpose. By simply doing this, you will be very well protected from this and practically all other exploits for OS X, which similarly require you initially download and run some unknown program.
My my, they certainly do close with quite the broad statement there...
I work for the Department of Redundancy Department
|
|
Genieo again
|
Joined: Aug 2009
Likes: 7
|
Jon
macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
|
|
Re: Genieo again
|
|
Joined: Aug 2009
|
I just checked MalwareBytes-Anti Malware v1.0.2.8, and it checks for Genieo. Well, at least the run routine indicates that it does.
Of course, should such be discovered, the cure/remediation is another issue...
Harv 27" i7 iMac (10.13.6), iPhone Xs Max (12.1)
Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: THE CYBER-SECURITY THREAD
|
Joined: Aug 2009
Likes: 1
Moderator
|
The disclosure of the KRACK WiFi vulnerability affecting WPA2 WiFi security (read: WiFi using devices) looks like a good occasion to revive this thread. Fixing this vulnerability ultimately depends on software/firmware updates, so keep an eye out for those.
alternaut ◉ moderator
|
|
Re: THE CYBER-SECURITY THREAD
|
Joined: Aug 2009
Likes: 16
Moderator
|
The linked article also contains the following Apple update:
Update: Apple said in a statement that all current iOS, macOS, watchOS, and tvOS betas include a fix for KRACK.
If we knew what it was we were doing, it wouldn't be called research, would it?
— Albert Einstein
|
|
Re: THE CYBER-SECURITY THREAD
|
Joined: Aug 2009
Likes: 14
|
Fixing this vulnerability ultimately depends on software/firmware updates, so keep an eye out for those.
Thanks for this. I not only keep up to date but also, when at home, I am tied to an ethernet feed. If I'm away and stuck with wi-fi, I simply do not access my banking; do not use any other sites involving confidential information; do not make any on-line purchases. I use wi-fi at home for my iPad but follow the same rules as when away.
Last edited by ryck; 10/17/17 12:49 AM.
ryck
"What Were Once Vices Are Now Habits" The Doobie Brothers
iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4 OS Sonoma 14.4.1 Canon Pixma TR 8520 Printer Epson Perfection V500 Photo Scanner c/w VueScan software TM on 1TB LaCie USB-C
|
|
Re: THE CYBER-SECURITY THREAD
|
Joined: Aug 2009
Likes: 1
Moderator
|
The linked article also contains the following Apple update
Update: Apple said in a statement that all current iOS, macOS, watchOS, and tvOS betas include a fix for KRACK.
Thanks for pointing that out; apparently the article has been updated as new info became available. That said, at this point Apple’s updates are beta stage only and not readily available for the average user: the wait is still for the final versions. And about as important is the question whether/when Apple will make patches available for its (discontinued) WiFi routers. Of course, non-Apple routers will need to be patched as well.
alternaut ◉ moderator
|
|
Re: THE CYBER-SECURITY THREAD
|
Joined: Aug 2009
Likes: 7
|
Keranger: the first “in-the-wild” ransomware for Macs. But certainly not the last.
Note that this post is called "sponsored", and that, near the end, there is a link to Bitdefender. Should this be taken with the proverbial grain of salt?
Jon
macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
|
|
Re: THE CYBER-SECURITY THREAD
|
Joined: Aug 2009
Likes: 1
Moderator
|
Note that this post is called "sponsored", and that, near the end, there is a link to Bitdefender. Should this be taken with the proverbial grain of salt?
It never hurts to keep that grain of salt in mind, but that being said, this threat is real and people('s computers) do get hit by it, even though the odds may be small. E.g., last week it turned out that Elmedia software updaters for its Player and Folx software were infected by the OSXProton malware after a hack of the updater server. If you recently updated Elmedia Player and/or Folx, you should definitely make sure you’re not infected. The article I linked to above was published by Malwarebytes Labs, and suggested Malwarebytes for Mac to deal with the infection. Nothing wrong with that, as long as these things are out in the open for the consumer to decide. And since we’re on the topic of what to do about such infections, here’s yet another recent link that might come in handy: What to do when ransomware strikes your Mac.
alternaut ◉ moderator
|
|
Re: THE CYBER-SECURITY THREAD
|
Joined: Aug 2009
Likes: 4
|
Security Breach and Spilled Secrets Have Shaken the NSA to Its Core
• Leaks of the National Security Agency’s cyberweapons have damaged morale, slowed operations and resulted in hacks on businesses and civilians worldwide.
• Current and former officials say disclosures by a mysterious group that obtained NSA tools have been catastrophic, calling into question the agency’s value to national security.
|
|
Re: THE CYBER-SECURITY THREAD
|
Joined: Aug 2009
Likes: 1
Moderator
|
Earlier this week Patrick Wardle (Objective-See) published his 100th blog post All Your Macs Are Belong To Us about the serious flaw underlying the recent "macOS Gatekeeper Bypass (2021)", which was fixed by Apple in the macOS 11.3 update. It makes for some interesting reading, to say the least. That said, note that (the current version of) Wardle’s utility BlockBlock already provided protection against the current zeroday malware installer exploit(s). In addition to this, he is working on free books under the title The Art Of Mac Malware, which may be of interest to those of you wanting to know more about this topic.
alternaut ◉ moderator
|
|