An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
Page 12 of 12 1 2 10 11 12
Re: thunderstrike revisited
Virtual1 #35397 08/05/15 02:29 PM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: thunderstrike revisited
jchuzi #35405 08/06/15 11:57 AM
Joined: Aug 2009
Offline

Joined: Aug 2009

So is Apple abandoning security update for (current os - 1) ?


I work for the Department of Redundancy Department
Fake Safari update installs MacKeeper, ZipCloud
Hal Itosis #35407 08/06/15 02:47 PM
Joined: Aug 2009
Offline

Joined: Aug 2009


I work for the Department of Redundancy Department
Re: thunderstrike revisited
jchuzi #35408 08/06/15 02:50 PM
Joined: Aug 2009
Offline

Joined: Aug 2009

More information here:

https://blog.malwarebytes.org/mac/2015/07/privilege-escalation-vulnerability-found-in-os-x/

Quote:
Fortunately, the bug only exists in Yosemite (OS X 10.10), while previous versions of OS X and betas of El Capitan (OS X 10.11) are unaffected.

Quote:
The bigger problem in this story is the fact that this vulnerability, along with all the necessary information to exploit it, was disclosed by Esser without any effort to alert Apple to the problem. (In his blog post revealing the vulnerability, Esser says “At the moment it is unclear if Apple knows about this security problem or not.”)

Oh, what a nice guy...


I work for the Department of Redundancy Department
Re: thunderstrike revisited
Virtual1 #35409 08/06/15 04:28 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
Good info, V1, thanks!

Alas, now I wonder if I should or need to remove MalwareBytes Anti-Malware. confused

Waddya think?


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: thunderstrike revisited
Virtual1 #35410 08/06/15 04:44 PM
Joined: Aug 2009
Likes: 3
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 3

Originally Posted By: Virtual1
So is Apple abandoning security update for (current os - 1) ?

It appears that the vulnerability doesn't exist in prior OS versions.



dkmarsh—member, FineTunedMac Co-op Board of Directors
Re: thunderstrike revisited
Pendragon #35424 08/07/15 05:02 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
Originally Posted By: Pendragon
... now I wonder if I should or need to remove MalwareBytes Anti-Malware. confused

Waddya think?

I may be missing something, but I fail to see the logic of removing MAM in this context. After all, MAM is only the messenger here. Shooting it isn’t going to do much for you, quite probably to the contrary. Remember, MAM is essentially a monitor, until you tell it to do something specific. So far, there is no indication that any of its actions are deleterious in and by themselves (other than to the affected malware, that is). Beyond that, just as surgery may require rehab, that may also apply to malware removal, i.e. reinstalling malware-affected software etc.


alternaut moderator
Re: thunderstrike revisited
Virtual1 #35428 08/07/15 09:19 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
The problem was partially, but not completely, fixed in 10.10.4. It is completely fixed in 10.10.5, which is now being seeded to Apple developers.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: thunderstrike revisited
tacit #35540 08/16/15 01:32 PM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7

Last edited by jchuzi; 08/16/15 01:32 PM.

Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: thunderstrike revisited
jchuzi #35566 08/17/15 12:19 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
wheeeee! so now they can patch the patch that patched the patch!


I work for the Department of Redundancy Department
Re: thunderstrike revisited
Virtual1 #35590 08/17/15 11:17 PM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7
Here's another: New Zero-Day memory injection vulnerability discovered in OS X Quote: "As with other exploits for OS X, this does require you download a faulty and malicious program, and then run this program."


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: thunderstrike revisited
jchuzi #35595 08/18/15 01:27 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
Originally Posted By: jchuzi
Here's another: New Zero-Day memory injection vulnerability discovered in OS X Quote: "As with other exploits for OS X, this does require you download a faulty and malicious program, and then run this program."


Quote:
As a result, you might be better off waiting for an official fix from Apple, and in the mean time simply observe good computing practices and avoid running any program unless you know exactly where it came from and understand its purpose. By simply doing this, you will be very well protected from this and practically all other exploits for OS X, which similarly require you initially download and run some unknown program.

My my, they certainly do close with quite the broad statement there...


I work for the Department of Redundancy Department
Genieo again
Virtual1 #35862 09/02/15 03:17 PM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Genieo again
jchuzi #35863 09/02/15 03:28 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
I just checked MalwareBytes-Anti Malware v1.0.2.8, and it checks for Genieo. Well, at least the run routine indicates that it does.

Of course, should such be discovered, the cure/remediation is another issue...


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
Hal Itosis #46645 10/16/17 02:47 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
The disclosure of the KRACK WiFi vulnerability affecting WPA2 WiFi security (read: WiFi using devices) looks like a good occasion to revive this thread. Fixing this vulnerability ultimately depends on software/firmware updates, so keep an eye out for those.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #46646 10/16/17 07:54 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
The linked article also contains the following Apple update
Quote:
Update: Apple said in a statement that all current iOS, macOS, watchOS, and tvOS betas include a fix for KRACK.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: THE CYBER-SECURITY THREAD
alternaut #46650 10/17/17 12:47 AM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted By: alternaut
Fixing this vulnerability ultimately depends on software/firmware updates, so keep an eye out for those.

Thanks for this.I not only keep up to date but also, when at home, I am tied to an ethernet feed. If I'm away and stuck with wi-fi, I simply do not access my banking; do not use any other sites involving confidential information; do not make any on-line purchases. I use wi-fi at home for my iPad but follow the same rules as when away.

Last edited by ryck; 10/17/17 12:49 AM.

ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: THE CYBER-SECURITY THREAD
joemikeb #46651 10/17/17 01:21 AM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
Originally Posted By: joemikeb
The linked article also contains the following Apple update
Quote:
Update: Apple said in a statement that all current iOS, macOS, watchOS, and tvOS betas include a fix for KRACK.

Thanks for pointing that out; apparently the article has been updated as new info became available. That said, at this point Apple’s updates are beta stage only and not readily available for the average user: the wait is still for the final versions.
And about as important is the question whether/when Apple will make patches available for its (discontinued) WiFi routers. Of course, non-Apple routers will need to be patched as well.



alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #46701 10/26/17 06:29 PM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7
Keranger: the first “in-the-wild” ransomware for Macs. But certainly not the last. Note that this post is called "sponsored", and that, near the end, there is a link to Bitdefender. Should this be taken with the proverbial grain of salt?


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: THE CYBER-SECURITY THREAD
jchuzi #46705 10/26/17 11:17 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
Originally Posted By: jchuzi
Note that this post is called "sponsored", and that, near the end, there is a link to Bitdefender. Should this be taken with the proverbial grain of salt?

It never hurts to keep that grain of salt in mind, but that being said, this threat is real and people(s computers) do get hit by it, even though the odds may be small. E.g., last week it turned out that Elmedia software updaters for its Player and Folx software were infected by the OSXProton malware after a hack of the updater server. If you recently updated Elmedia Player and/or Folx, you should definitely make sure you’re not infected. The article I linked to above was published by Malwarebytes Labs, and suggested Malwarebytes for Mac to deal with the infection. Nothing wrong with that, as long as these things are out in the open for the consumer to decide.

And since we’re on the topic of what to do about such infections, here’s yet another recent link that might come in handy: What to do when ransomware strikes your Mac.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #46841 11/13/17 07:40 AM
Joined: Aug 2009
Likes: 4
Offline

Joined: Aug 2009
Likes: 4
Security Breach and Spilled Secrets Have Shaken the NSA to Its Core

• Leaks of the National Security Agency’s cyberweapons have damaged morale, slowed operations and resulted in hacks on businesses and civilians worldwide.

• Current and former officials say disclosures by a mysterious group that obtained NSA tools have been catastrophic, calling into question the agency’s value to national security.


Re: THE CYBER-SECURITY THREAD
Hal Itosis #58579 04/28/21 02:33 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
Earlier this week Patrick Wardle (Objective-See) published his 100th blog post All Your Macs Are Belong To Us about the serious flaw underlying the recent "macOS Gatekeeper Bypass (2021)”, which was fixed by Apple in the macOS 11.3 update. It makes for some interesting reading, to say the least.

That said, note that (the current version of) Wardle’s utility BlockBlock already provided protection against the current zeroday malware installer exploit(s). In addition to this, he is working on free books under the title The Art Of Mac Malware, which may be of interest to those of you wanting to know more about this topic.


alternaut moderator
Page 12 of 12 1 2 10 11 12

Moderated by  alternaut, cyn 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.038s Queries: 58 (0.029s) Memory: 0.7013 MB (Peak: 0.8465 MB) Data Comp: Zlib Server Time: 2024-03-28 15:59:56 UTC
Valid HTML 5 and Valid CSS