Follow The Safe Mac on Twitter to stay advised of the latest Mac security news!
Posted on February 26th, 2013 at 10:09 PM EST
Although it has not attained the same level of danger as Java, Flash is back in the news today due to vulnerabilities. Adobe has issued a Flash update, saying that the vulnerabilities fixed are currently being exploited in the wild. This patch is considered to be of the highest priority. All users of Flash are advised to update immediately. Read the rest of this entry »
Posted on February 25th, 2013 at 10:37 AM EST
Once again, Java is in the news after new vulnerabilities have been found. Adam Gowdiak, of Security Explorations, has reported to Softpedia the discovery of two new issues in Java. These issues can, when used together, allow an attacker to once again bypass the Java sandbox altogether and gain access to the user’s machine through a malicious Java applet embedded in a web site. Read the rest of this entry »
Posted on February 20th, 2013 at 7:27 PM EST
Welcome to The Safe Mac! Over the next few days, I will be changing the name and look of this site, as well as moving it to a new domain (www.thesafemac.com). The old address will still work, as will old links. Please forgive any issues during the “construction” process! Read the rest of this entry »
Posted on February 19th, 2013 at 5:47 PM EST
This has been quite an interesting month in security news. Multiple major companies have been hacked, including Apple themselves, and there are rumors of yet another new bit of malware for the Mac. Yet all is still rather unclear. Is this all related? It’s probably too soon to say for sure, but I am guessing that it may be. Read the rest of this entry »
Posted on February 13th, 2013 at 2:11 PM EST
Intego announced today the discovery of a new Mac trojan, which they are calling OSX/CallMe.A. This malware is spread through maliciously-crafted Microsoft Word documents that, when opened, result in a backdoor being installed. The backdoor in question sounds very simple, giving the hackers the ability to run commands (through a bash shell) and steal the user’s Address Book data.
Posted on February 12th, 2013 at 5:53 PM EST
After testing many different anti-virus programs over the last few months, I found something that disturbed me greatly. MacScan, made by SecureMac, is one of only a very few Mac-only anti-malware tools. It has a long history with the Mac, having been around since the very first versions of Mac OS X. Unfortunately, it failed my tests abysmally! The question that came to mind immediately was: why? Read the rest of this entry »
Posted on February 11th, 2013 at 9:47 PM EST
This weekend, I got my hands on a variant of the SMSSend malware. What I found was very interesting, and very concerning. After examining it, it’s evident that the malware is still evolving and is still an active threat. Worst of all: it seems to be capable of slipping past the current version of the built-in anti-malware security in Mac OS X (aka, XProtect)! Read the rest of this entry »
Posted on February 7th, 2013 at 10:20 PM EST
Adobe announced today the release of a Flash Player update, fixing a vulnerability that they say is being exploited “in the wild” to drop malware on Macs. To cite an important portion of Adobe’s announcement, “Adobe is [...] aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform.” Read the rest of this entry »
Posted on February 2nd, 2013 at 9:04 AM EST
The latest in a long string of sites to be hacked, Twitter reports that they were hacked and the account information for 250,000 users was captured. Twitter says they have reset the passwords for affected users and sent explanatory e-mail messages to all of them. However, I would not advise assuming that you are safe if you did not have your password reset. The attackers could have accessed more data than Twitter realizes. Conversely, I would not advise clicking links in any e-mail messages you receive, as they may not actually come from Twitter. This sort of situation invariably leads to phishing attempts, as other hackers try to trick users into revealing passwords. All users of Twitter should immediately change their passwords. Log in to Twitter.com, click the gear icon (in the top right corner of the page) and choose Settings from the menu that appears, then click Password on the left side of the page.
Posted on February 1st, 2013 at 3:27 PM EST
Oracle has just released Java 7 update 13, which is undoubtedly welcome news to Mac users who have been prevented from using Java, or any users who refused to use Java in its vulnerable state. One would assume that it fixes the vulnerabilities that have been in the news for the last few weeks. Unfortunately, at the moment, assuming is all we can do, as the Oracle Java SE Critical Patch Update Advisory contains no actual information. Hopefully, that information should be available soon.