Posted on September 10th, 2013 at 2:47 PM EST
It has been a little more than a year since the last new variant of the Tibet malware was discovered, but today, Intego reported that a fourth variant has been found. They are calling this new variant OSX/Tibet.D. There are a few important lessons we can learn from this malware.
Posted on August 29th, 2013 at 4:38 PM EST
I’ve said it before, and I’m sure I’ll say it again more than once: someone with physical access to your Mac can do just about anything they like. There are, of course, limitations to that, but this topic comes up now because the creators of Metasploit have given the Mac community a bit of a poke. By adding it to their penetration testing framework, they have reminded us of a 5-month-old bug in the system that could give an attacker unrestricted access to your system.
Posted on June 18th, 2013 at 8:43 PM EST
This still doesn’t change my opinion that Java needs to be avoided. These fixes came after almost two months of vulnerability, and Java has had a recent history of becoming vulnerable again within days of each fix. We’ll see how things fall out at this point, but I don’t have high hopes. If you have to use Java in your web browser, though, you should not delay installing this update. Be cautious, though, as some Java applets may not function well (or at all) with the update, so check compatibility beforehand. Of course, that may leave you in the unenviable position of having to choose between staying vulnerable and losing access to the applet that you need Java for in the first place.
Posted on June 11th, 2013 at 9:29 PM EST
Microsoft issued an update for Office 2011 today that fixes a vulnerability that could lead to code execution simply by opening a maliciously crafted Office document. As with today’s Flash update, there’s no currently known Mac malware taking advantage of this, but there’s no sense letting it appear before you take action. If you’re using Office 2011, update it immediately!
Posted on June 11th, 2013 at 9:24 PM EST
Adobe released an updated version of Flash Player today to fix a vulnerability that could allow an attacker to execute malicious code on a user’s system. Fortunately, there’s no Mac malware known to be taking advantage of this, and Apple will probably use their XProtect software to block vulnerable versions of Flash soon. Nonetheless, all users of Flash should update immediately. Those running Chrome will have its built-in copy of Flash updated automatically, and need not have Flash installed separately.
Posted on April 25th, 2013 at 1:59 PM EST
F-Secure has blogged today about a slightly new variant of CallMe that has been seen in the wild. Everything about the malware seems to be the same, except for file names and the command server that the malware “calls home” to. This is certainly small news, but it does show that this malware is still in active distribution, at least.
Posted on March 15th, 2013 at 10:02 AM EST
Apple posted a couple updates yesterday with some very important security content, and I advise updating as soon as you can. Both Mac OS X 10.8.3 and Security Update 2013-001, available for both Snow Leopard and Lion, contain a number of important security updates. However, one in particular is likely to cause the hair to stand up on the back of the neck of anyone who has been following the saga of Java’s recent descent into vulnerability perdition.
Posted on March 7th, 2013 at 5:12 PM EST
Every year, at the CanSecWest security conference, an infamous competition is held, called Pwn2Own. The basic idea of the contest is to “pwn,” or hack, different web browsers or technologies. Hacks must involve previously unknown vulnerabilities, and winners not only get a sizable cash prize, but they also win the computer that they hacked (thus the “Pwn2Own” name).
Posted on March 1st, 2013 at 6:07 PM EST
According to ThreatPost, yet another new Java vulnerability has been discovered. Do I really have to say what I’ve said a thousand times before? Nah, there are only so many times one can beat a dead horse. Disable Java in your web browser, or it’s probably only a matter of time before you get infected with something.
Posted on February 25th, 2013 at 10:37 AM EST
Once again, Java is in the news after new vulnerabilities have been found. Adam Gowdiak, of Security Explorations, has reported to Softpedia the discovery of two new issues in Java. These issues can, when used together, allow an attacker to once again bypass the Java sandbox altogether and gain access to the user’s machine through a malicious Java applet embedded in a web site.