A Photography forum. PhotoBanter.com

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PhotoBanter.com forum » Digital Photography » Digital Photography
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Mac users - be aware



 
 
Thread Tools Display Modes
  #1  
Old August 4th 15, 09:47 PM posted to rec.photo.digital
Eric Stevens
external usenet poster
 
Posts: 13,611
Default Mac users - be aware

http://www.theregister.co.uk/2015/08..._exploit_wild/

"The amusing vulnerability in Apple's OS X that grants
administrator-level access to anyone who asks is being exploited in
the wild by malware. Yeah, malware exists for Macs, this isn't the
1990s.

Anyone logged in to a vulnerable OS X computer, or any software
running on it, can use the security hole to gain the same privileges
as the powerful root user, meaning they can install new programs,
change files, remove or add new users, wreck the system, and so on, at
will.

According to Adam Thomas of Malwarebytes, dodgy software distributed
on the internet is now exploiting the vulnerability to inject the
VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and
point users at an app to download from the official App Store."

... more
--

Regards,

Eric Stevens
  #2  
Old August 4th 15, 10:19 PM posted to rec.photo.digital
Savageduck[_3_]
external usenet poster
 
Posts: 16,487
Default Mac users - be aware

On 2015-08-04 20:47:33 +0000, Eric Stevens said:

http://www.theregister.co.uk/2015/08..._exploit_wild/

"The amusing vulnerability in Apple's OS X that grants
administrator-level access to anyone who asks is being exploited in
the wild by malware. Yeah, malware exists for Macs, this isn't the
1990s.

Anyone logged in to a vulnerable OS X computer, or any software
running on it, can use the security hole to gain the same privileges
as the powerful root user, meaning they can install new programs,
change files, remove or add new users, wreck the system, and so on, at
will.

According to Adam Thomas of Malwarebytes, dodgy software distributed
on the internet is now exploiting the vulnerability to inject the
VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and
point users at an app to download from the official App Store."

... more


Thanks for the warning, but this is more of the usual FUD. Can you say
proof of concept, yet to be found in the wild.

--
Regards,

Savageduck

  #3  
Old August 4th 15, 10:48 PM posted to rec.photo.digital
nospam
external usenet poster
 
Posts: 24,165
Default Mac users - be aware

In article , Eric Stevens
wrote:

http://www.theregister.co.uk/2015/08..._exploit_wild/


enough with the register's linkbait bull****



According to Adam Thomas of Malwarebytes, dodgy software distributed
on the internet is now exploiting the vulnerability to inject the
VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and
point users at an app to download from the official App Store."


no it isn't.

malwarebytes has a vested interest in scaring people to sell their crap.

for more accurate information, here's a very good summary:
http://tidbits.com/article/15841?

Wired has reported on new research being presented at this weekıs
Black Hat security conference on a proof-of-concept Mac worm that
could spread through the Macıs firmware, rather than software. While
Wiredıs piece makes this sound like a super worm capable of leaping
through air gaps and infecting the worldıs Macs, the reality is more
mundane. The research itself is excellent and fascinating work from
Trammell Hudson and Xeno Kovah, and as always we hope Apple patches
all the flaws quickly, but this isnıt something most Apple users need
to lose any sleep over.

....

Am I vulnerable?
Probably not. OS X 10.10.4 Yosemite breaks the proof-of-concept
demonstration. That doesnıt mean Macs are immune from firmware
attacks, but it does mean the current attack demonstration wonıt work
on Macs running the latest version of Yosemite.

....

Is this a new vulnerability?
Yes and no. The concept is based on earlier firmware vulnerabilities.
According to articles, five new vulnerabilities were reported to
Apple after the original Thunderstrike proof of concept. Of those,
one has been patched, one has been partially patched, and three more
are still being dealt with.

....

Is there anything I need to do?
No, nearly everyone can ignore Thunderstrike 2 entirely. The research
really is excellent, compelling work that the Wired piece
unfortunately turned into a bit a fright-fest. The Web attack vector,
in particular, is blocked in OS X 10.10.4. The worm canıt
automatically jump air gaps ‹ those in sensitive environments can
easily protect themselves by being careful where they source their
Thunderbolt devices, and this entire family of firmware attacks is
likely to become a lot more difficult as hardware improves, and as
device manufacturers update their firmware code.
  #4  
Old August 4th 15, 11:21 PM posted to rec.photo.digital
Eric Stevens
external usenet poster
 
Posts: 13,611
Default Mac users - be aware

On Tue, 4 Aug 2015 14:19:24 -0700, Savageduck
wrote:

On 2015-08-04 20:47:33 +0000, Eric Stevens said:

http://www.theregister.co.uk/2015/08..._exploit_wild/

"The amusing vulnerability in Apple's OS X that grants
administrator-level access to anyone who asks is being exploited in
the wild by malware. Yeah, malware exists for Macs, this isn't the
1990s.

Anyone logged in to a vulnerable OS X computer, or any software
running on it, can use the security hole to gain the same privileges
as the powerful root user, meaning they can install new programs,
change files, remove or add new users, wreck the system, and so on, at
will.

According to Adam Thomas of Malwarebytes, dodgy software distributed
on the internet is now exploiting the vulnerability to inject the
VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and
point users at an app to download from the official App Store."

... more


Thanks for the warning, but this is more of the usual FUD. Can you say
proof of concept, yet to be found in the wild.


You should read the article to which I linked.

"According to Adam Thomas of Malwarebytes, dodgy software
distributed on the internet is now exploiting the vulnerability to
inject the VSearch and Genieo adware plus the MacKeeper junkware on
to Macs, and point users at an app to download from the official
App Store."

It doesn't sound easy to do but if Malwarebytes are into it, it's real
and out there.
--

Regards,

Eric Stevens
  #5  
Old August 4th 15, 11:27 PM posted to rec.photo.digital
Eric Stevens
external usenet poster
 
Posts: 13,611
Default Mac users - be aware

On Tue, 04 Aug 2015 17:48:38 -0400, nospam
wrote:

In article , Eric Stevens
wrote:

http://www.theregister.co.uk/2015/08..._exploit_wild/


enough with the register's linkbait bull****



According to Adam Thomas of Malwarebytes, dodgy software distributed
on the internet is now exploiting the vulnerability to inject the
VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and
point users at an app to download from the official App Store."


no it isn't.

malwarebytes has a vested interest in scaring people to sell their crap.

for more accurate information, here's a very good summary:
http://tidbits.com/article/15841?

Wired has reported on new research being presented at this weekıs
Black Hat security conference on a proof-of-concept Mac worm that
could spread through the Macıs firmware, rather than software. While
Wiredıs piece makes this sound like a super worm capable of leaping
through air gaps and infecting the worldıs Macs, the reality is more
mundane. The research itself is excellent and fascinating work from
Trammell Hudson and Xeno Kovah, and as always we hope Apple patches
all the flaws quickly, but this isnıt something most Apple users need
to lose any sleep over.

...

Am I vulnerable?
Probably not. OS X 10.10.4 Yosemite breaks the proof-of-concept
demonstration. That doesnıt mean Macs are immune from firmware
attacks, but it does mean the current attack demonstration wonıt work
on Macs running the latest version of Yosemite.

...

Is this a new vulnerability?
Yes and no. The concept is based on earlier firmware vulnerabilities.
According to articles, five new vulnerabilities were reported to
Apple after the original Thunderstrike proof of concept. Of those,
one has been patched, one has been partially patched, and three more
are still being dealt with.

...

Is there anything I need to do?
No, nearly everyone can ignore Thunderstrike 2 entirely. The research
really is excellent, compelling work that the Wired piece
unfortunately turned into a bit a fright-fest. The Web attack vector,
in particular, is blocked in OS X 10.10.4. The worm canıt
automatically jump air gaps ‹ those in sensitive environments can
easily protect themselves by being careful where they source their
Thunderbolt devices, and this entire family of firmware attacks is
likely to become a lot more difficult as hardware improves, and as
device manufacturers update their firmware code.


It doesn't sound like the same thing.
--

Regards,

Eric Stevens
  #6  
Old August 4th 15, 11:56 PM posted to rec.photo.digital
nospam
external usenet poster
 
Posts: 24,165
Default Mac users - be aware

In article , Eric Stevens
wrote:

It doesn't sound easy to do but if Malwarebytes are into it, it's real
and out there.


it's also been fixed in 10.10.5.
  #7  
Old August 4th 15, 11:56 PM posted to rec.photo.digital
nospam
external usenet poster
 
Posts: 24,165
Default Mac users - be aware

In article , Eric Stevens
wrote:

It doesn't sound like the same thing.


true. the one malwarebytes is yapping about has already been fixed.
  #8  
Old August 5th 15, 12:19 AM posted to rec.photo.digital
Mayayana
external usenet poster
 
Posts: 1,514
Default Mac users - be aware

| You should read the article to which I linked.
|

It does sound rather mild. If someone downloads
and runs an installer, while running in lackey
mode with restrictions, that installer can bypass
the restrictions. "Elevation of privilege". Someone
still has to be sucked into running the installer.
Elevating privilege when already accessing the
machine is not such a big deal. (I've never even
run in lackey mode. It's too much hassle.)

What *would* be a big deal would be if Macs were
getting "driveby downloads" -- attacks like the
Flash bug at Yahoo this past week. Maybe Macs
do get them. I don't know. But I'm not aware of
any. On Windows with script/Flash/Acrobat enabled
it's a constant, real risk.


  #9  
Old August 5th 15, 01:38 AM posted to rec.photo.digital
Savageduck[_3_]
external usenet poster
 
Posts: 16,487
Default Mac users - be aware

On 2015-08-04 22:21:24 +0000, Eric Stevens said:

On Tue, 4 Aug 2015 14:19:24 -0700, Savageduck
wrote:

On 2015-08-04 20:47:33 +0000, Eric Stevens said:

http://www.theregister.co.uk/2015/08..._exploit_wild/

"The amusing vulnerability in Apple's OS X that grants
administrator-level access to anyone who asks is being exploited in
the wild by malware. Yeah, malware exists for Macs, this isn't the
1990s.

Anyone logged in to a vulnerable OS X computer, or any software
running on it, can use the security hole to gain the same privileges
as the powerful root user, meaning they can install new programs,
change files, remove or add new users, wreck the system, and so on, at
will.

According to Adam Thomas of Malwarebytes, dodgy software distributed
on the internet is now exploiting the vulnerability to inject the
VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and
point users at an app to download from the official App Store."

... more


Thanks for the warning, but this is more of the usual FUD. Can you say
proof of concept, yet to be found in the wild.


You should read the article to which I linked.

"According to Adam Thomas of Malwarebytes, dodgy software
distributed on the internet is now exploiting the vulnerability to
inject the VSearch and Genieo adware plus the MacKeeper junkware on
to Macs, and point users at an app to download from the official
App Store."

It doesn't sound easy to do but if Malwarebytes are into it, it's real
and out there.


The Mac groups have been discussing this for the last two days and they
address another source. rather than that anti-Apple screed and FUDfest
"The Register".

The vulnerability might exist and Mac Usenet users are well aware of
it. However, it is one that most Mac users running the latest software,
and using established installation procedures of apps from known
sources, are not going to have to deal with.

As with all of these things the ones most vulnerable are those who
install questionable stuff to start with, and they have to play an
active part in that installation. The malware in question is not going
to infect any Mac without being invited in by that Mac's owner.


--
Regards,

Savageduck

  #10  
Old August 5th 15, 01:41 AM posted to rec.photo.digital
nospam
external usenet poster
 
Posts: 24,165
Default Mac users - be aware

In article 201508041738147826-savageduck1@REMOVESPAMmecom, Savageduck
wrote:

The malware in question is not going
to infect any Mac without being invited in by that Mac's owner.


yep
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apple-Verizon's latest ingratiating, self-aware, pandering iPhone ad Savageduck[_3_] Digital Photography 4 May 14th 14 01:29 AM
Are you aware about your health?? [email protected] Digital Photography 1 May 21st 07 06:53 PM
ICM-aware image viewer? [email protected] Digital Photography 7 April 20th 06 07:59 AM
ACDSee 7 ICC Aware? Nathan Gutman Digital Photography 5 January 6th 06 06:59 PM
viewer/album software that is version aware and can tag photos? peter Digital Photography 6 August 12th 04 09:50 PM


All times are GMT +1. The time now is 03:59 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright İ2004-2024 PhotoBanter.com.
The comments are property of their posters.