#1
Mac users - be aware
http://www.theregister.co.uk/2015/08..._exploit_wild/
"The amusing vulnerability in Apple's OS X that grants administrator-level access to anyone who asks is being exploited in the wild by malware. Yeah, malware exists for Macs, this isn't the 1990s. Anyone logged in to a vulnerable OS X computer, or any software running on it, can use the security hole to gain the same privileges as the powerful root user, meaning they can install new programs, change files, remove or add new users, wreck the system, and so on, at will. According to Adam Thomas of Malwarebytes, dodgy software distributed on the internet is now exploiting the vulnerability to inject the VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and point users at an app to download from the official App Store." ... more -- Regards, Eric Stevens |
#2
On 2015-08-04 20:47:33 +0000, Eric Stevens said:
http://www.theregister.co.uk/2015/08..._exploit_wild/ "The amusing vulnerability in Apple's OS X that grants administrator-level access to anyone who asks is being exploited in the wild by malware. Yeah, malware exists for Macs, this isn't the 1990s. Anyone logged in to a vulnerable OS X computer, or any software running on it, can use the security hole to gain the same privileges as the powerful root user, meaning they can install new programs, change files, remove or add new users, wreck the system, and so on, at will. According to Adam Thomas of Malwarebytes, dodgy software distributed on the internet is now exploiting the vulnerability to inject the VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and point users at an app to download from the official App Store." ... more Thanks for the warning, but this is more of the usual FUD. Can you say proof of concept, yet to be found in the wild. -- Regards, Savageduck |
#3
In article , Eric Stevens
wrote: http://www.theregister.co.uk/2015/08..._exploit_wild/ enough with the register's linkbait bull**** According to Adam Thomas of Malwarebytes, dodgy software distributed on the internet is now exploiting the vulnerability to inject the VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and point users at an app to download from the official App Store." no it isn't. malwarebytes has a vested interest in scaring people to sell their crap. for more accurate information, here's a very good summary: http://tidbits.com/article/15841? Wired has reported on new research being presented at this week's Black Hat security conference on a proof-of-concept Mac worm that could spread through the Mac's firmware, rather than software. While Wired's piece makes this sound like a super worm capable of leaping through air gaps and infecting the world's Macs, the reality is more mundane. The research itself is excellent and fascinating work from Trammell Hudson and Xeno Kovah, and as always we hope Apple patches all the flaws quickly, but this isn't something most Apple users need to lose any sleep over. .... Am I vulnerable? Probably not. OS X 10.10.4 Yosemite breaks the proof-of-concept demonstration. That doesn't mean Macs are immune from firmware attacks, but it does mean the current attack demonstration won't work on Macs running the latest version of Yosemite. .... Is this a new vulnerability? Yes and no. The concept is based on earlier firmware vulnerabilities. According to articles, five new vulnerabilities were reported to Apple after the original Thunderstrike proof of concept. Of those, one has been patched, one has been partially patched, and three more are still being dealt with. .... Is there anything I need to do? No, nearly everyone can ignore Thunderstrike 2 entirely. The research really is excellent, compelling work that the Wired piece unfortunately turned into a bit of a fright-fest. The Web attack vector, in particular, is blocked in OS X 10.10.4.
The worm can't automatically jump air gaps those in sensitive environments can easily protect themselves by being careful where they source their Thunderbolt devices, and this entire family of firmware attacks is likely to become a lot more difficult as hardware improves, and as device manufacturers update their firmware code. |
#4
On Tue, 4 Aug 2015 14:19:24 -0700, Savageduck
wrote: On 2015-08-04 20:47:33 +0000, Eric Stevens said: http://www.theregister.co.uk/2015/08..._exploit_wild/ "The amusing vulnerability in Apple's OS X that grants administrator-level access to anyone who asks is being exploited in the wild by malware. Yeah, malware exists for Macs, this isn't the 1990s. Anyone logged in to a vulnerable OS X computer, or any software running on it, can use the security hole to gain the same privileges as the powerful root user, meaning they can install new programs, change files, remove or add new users, wreck the system, and so on, at will. According to Adam Thomas of Malwarebytes, dodgy software distributed on the internet is now exploiting the vulnerability to inject the VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and point users at an app to download from the official App Store." ... more Thanks for the warning, but this is more of the usual FUD. Can you say proof of concept, yet to be found in the wild. You should read the article to which I linked. "According to Adam Thomas of Malwarebytes, dodgy software distributed on the internet is now exploiting the vulnerability to inject the VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and point users at an app to download from the official App Store." It doesn't sound easy to do but if Malwarebytes are into it, it's real and out there. -- Regards, Eric Stevens |
#5
On Tue, 04 Aug 2015 17:48:38 -0400, nospam
wrote: In article , Eric Stevens wrote: http://www.theregister.co.uk/2015/08..._exploit_wild/ enough with the register's linkbait bull**** According to Adam Thomas of Malwarebytes, dodgy software distributed on the internet is now exploiting the vulnerability to inject the VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and point users at an app to download from the official App Store." no it isn't. malwarebytes has a vested interest in scaring people to sell their crap. for more accurate information, here's a very good summary: http://tidbits.com/article/15841? Wired has reported on new research being presented at this week's Black Hat security conference on a proof-of-concept Mac worm that could spread through the Mac's firmware, rather than software. While Wired's piece makes this sound like a super worm capable of leaping through air gaps and infecting the world's Macs, the reality is more mundane. The research itself is excellent and fascinating work from Trammell Hudson and Xeno Kovah, and as always we hope Apple patches all the flaws quickly, but this isn't something most Apple users need to lose any sleep over. ... Am I vulnerable? Probably not. OS X 10.10.4 Yosemite breaks the proof-of-concept demonstration. That doesn't mean Macs are immune from firmware attacks, but it does mean the current attack demonstration won't work on Macs running the latest version of Yosemite. ... Is this a new vulnerability? Yes and no. The concept is based on earlier firmware vulnerabilities. According to articles, five new vulnerabilities were reported to Apple after the original Thunderstrike proof of concept. Of those, one has been patched, one has been partially patched, and three more are still being dealt with. ... Is there anything I need to do? No, nearly everyone can ignore Thunderstrike 2 entirely. The research really is excellent, compelling work that the Wired piece unfortunately turned into a bit of a fright-fest.
The Web attack vector, in particular, is blocked in OS X 10.10.4. The worm can't automatically jump air gaps those in sensitive environments can easily protect themselves by being careful where they source their Thunderbolt devices, and this entire family of firmware attacks is likely to become a lot more difficult as hardware improves, and as device manufacturers update their firmware code. It doesn't sound like the same thing. -- Regards, Eric Stevens |
#6
In article , Eric Stevens
wrote: It doesn't sound easy to do but if Malwarebytes are into it, it's real and out there. it's also been fixed in 10.10.5. |
#7
In article , Eric Stevens
wrote: It doesn't sound like the same thing. true. the one malwarebytes is yapping about has already been fixed. |
#8
| You should read the article to which I linked.
| It does sound rather mild. If someone downloads and runs an installer, while running in lackey mode with restrictions, that installer can bypass the restrictions. "Elevation of privilege". Someone still has to be sucked into running the installer. Elevating privilege when already accessing the machine is not such a big deal. (I've never even run in lackey mode. It's too much hassle.) What *would* be a big deal would be if Macs were getting "driveby downloads" -- attacks like the Flash bug at Yahoo this past week. Maybe Macs do get them. I don't know. But I'm not aware of any. On Windows with script/Flash/Acrobat enabled it's a constant, real risk. |
#9
On 2015-08-04 22:21:24 +0000, Eric Stevens said:
On Tue, 4 Aug 2015 14:19:24 -0700, Savageduck wrote: On 2015-08-04 20:47:33 +0000, Eric Stevens said: http://www.theregister.co.uk/2015/08..._exploit_wild/ "The amusing vulnerability in Apple's OS X that grants administrator-level access to anyone who asks is being exploited in the wild by malware. Yeah, malware exists for Macs, this isn't the 1990s. Anyone logged in to a vulnerable OS X computer, or any software running on it, can use the security hole to gain the same privileges as the powerful root user, meaning they can install new programs, change files, remove or add new users, wreck the system, and so on, at will. According to Adam Thomas of Malwarebytes, dodgy software distributed on the internet is now exploiting the vulnerability to inject the VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and point users at an app to download from the official App Store." ... more Thanks for the warning, but this is more of the usual FUD. Can you say proof of concept, yet to be found in the wild. You should read the article to which I linked. "According to Adam Thomas of Malwarebytes, dodgy software distributed on the internet is now exploiting the vulnerability to inject the VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and point users at an app to download from the official App Store." It doesn't sound easy to do but if Malwarebytes are into it, it's real and out there. The Mac groups have been discussing this for the last two days and they address another source, rather than that anti-Apple screed and FUDfest "The Register". The vulnerability might exist and Mac Usenet users are well aware of it. However, it is one that most Mac users running the latest software, and using established installation procedures of apps from known sources, are not going to have to deal with. 
As with all of these things the ones most vulnerable are those who install questionable stuff to start with, and they have to play an active part in that installation. The malware in question is not going to infect any Mac without being invited in by that Mac's owner. -- Regards, Savageduck |
#10
In article 201508041738147826-savageduck1@REMOVESPAMmecom, Savageduck
wrote: The malware in question is not going to infect any Mac without being invited in by that Mac's owner. yep |