OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

Critical updates for nearly all Apple devices

Posted on April 23rd, 2014 at 7:50 AM EDT

Yesterday, Apple released updates for nearly all their devices. Mac OS X, iOS 7, Apple TV and Apple’s AirPort Extreme and Time Capsule base stations all received updates. All users are advised to do two things immediately: 1) back up your devices, and then 2) install all available updates.
Read the rest of this entry »

6 Comments

What is Heartbleed?

Posted on April 10th, 2014 at 6:31 AM EDT

Tech news sources everywhere are talking about Heartbleed, and a lot of the information is way over most people’s heads. I’ve seen a lot of very confused people in the last 48 hours. This problem is both a huge issue that is causing major problems and a complete non-issue that you don’t have to worry much about. (See how that could be confusing?)
Read the rest of this entry »

22 Comments

Beware opening RTF files in Office 2011

Posted on March 27th, 2014 at 3:06 PM EDT

Earlier this week (while I was out of town, of course!), Microsoft announced a vulnerability in Office that would allow a maliciously-crafted RTF file to execute code automatically when opened. Office 2011 for Mac is listed as being vulnerable. There are already exploits using this bug to install malware on Windows, but it’s unclear on whether this might also affect the Mac. Probably not, if I had to guess, but just to be safe, disable opening of RTF files in Office 2011 for now.

5 Comments

Apple’s “gotofail” SSL bug

Posted on February 24th, 2014 at 12:49 PM EST

On Friday, Apple released a security update for iOS 6 and 7 that has caused a quite a stir in the security community. The update fixes a vulnerability in SSL – the technology that is used to encrypt data over many secure network connections – that could allow an attacker to intercept and access that data. This is a very serious matter, and iOS should be updated immediately… but only while on a secured network! Do not update while on an open wifi network!
Read the rest of this entry »

23 Comments

Kaspersky reveals “The Mask”

Posted on February 11th, 2014 at 12:30 PM EST

Last week, Kaspersky posted a rather vague note about new malware they called “The Mask,” which they said was “one of the most advanced threats at the moment.” They withheld further information until yesterday, when they revealed their findings at a Kaspersky-sponsored conference, the Security Analyst Summit. This information can be found in a document titled ‘Unveiling “Careto” – the masked APT.’ After studying this document, I am forced to call into serious question Kaspersky’s claims… and their responsibility as a member of the security community.
Read the rest of this entry »

4 Comments

Apple blocks Flash following security update

Posted on February 5th, 2014 at 9:36 AM EST

Apple has updated the XProtect security system in Mac OS X to block all versions of Adobe Flash Player prior to 12.0.0.44. This was done in response to a critical security update released by Adobe, fixing a vulnerability that was being exploited in the wild. Users of Chrome should have their Flash plugin updated automatically. Users of other browsers, with Flash installed in the system, may have Flash updated automatically or may need to install an update manually, depending on the settings.
Read the rest of this entry »

2 Comments

Vulnerability found in older iSight cameras

Posted on December 19th, 2013 at 7:46 AM EST

Researchers Matthew Brocker and Stephen Checkoway, of Johns Hopkins University, have discovered a vulnerability in the iSight webcams found in older Macs. All Macs with a webcam include a small green light next to the webcam, designed to turn on any time the camera is capturing images. The light is controlled by hardware, and is supposed to be unhackable, providing a warning in case someone is trying to surreptitiously capture video. Unfortunately, the discovered vulnerability allowed creation of an application that can capture video from the webcam without enabling the warning light!
Read the rest of this entry »

9 Comments

Another Tibet variant appears

Posted on September 10th, 2013 at 2:47 PM EDT

It has been a little more than a year since the last new variant of the Tibet malware was discovered, but today, Intego reported that a fourth variant has been found. They are calling this new variant OSX/Tibet.D. There are a few important lessons we can learn from this malware.
Read the rest of this entry »

2 Comments

Be careful who handles your Mac!

Posted on August 29th, 2013 at 4:38 PM EDT

I’ve said it before, and I’m sure I’ll say it again more than once: someone with physical access to your Mac can do just about anything they like. There are, of course, limitations to that, but this topic comes up now because the creators of Metasploit have given the Mac community a bit of a poke. By adding it to their penetration testing framework, they have reminded us of a 5-month-old bug in the system that could give an attacker unrestricted access to your system.
Read the rest of this entry »

This post is more than 30 days old and has been locked. No further comments are allowed.

Major Java update brings 40 bug fixes

Posted on June 18th, 2013 at 8:43 PM EDT

This still doesn’t change my opinion that Java needs to be avoided. These fixes came after almost two months of vulnerability, and Java has had a recent history of becoming vulnerable again within days of each fix. We’ll see how things fall out at this point, but I don’t have high hopes. If you have to use Java in your web browser, though, you should not delay installing this update. Be cautious, though, as some Java applets may not function well (or at all) with the update, so check compatibility beforehand. Of course, that may leave you in the unenviable position of having to choose between staying vulnerable and losing access to the applet that you need Java for in the first place.

2 Comments