magmatic.com - Squawk Box

MAAS History

Entries by drStrangeP0rk (171)

Sunday

Nov072010

iOS4.1 Alarms Issue Continues in the US

Sunday, November 7, 2010 at 07:42AM

As was reported from overseas last week, devices running iOS 4.1 repeating alarms in the Clock.app will not work correctly. It is also affecting various applications which use the alarm features. You have to disable the repeat feature and then after today (12:00 am Monday) set your alarms to repeat. This should fix the problem.

Apple has anknowledge the problem and an update is in the works. Please visit support document TS3542 for more information.

drStrangeP0rk |

Post a Comment |

1 Reference |

Apple,

iOS4,

iPhone,

iPod

Friday

Nov052010

Adobe Releases Update 10.1.102.64 of Flash

Friday, November 5, 2010 at 11:10AM

Adobe has released an update of Flash Player 10.1.102 to address vulnerabilities related to APSB10-26. This included the AuthPlayLib.bundle flaw in Acrobat/Reader, the resulting crash can allow an attacker to gain system permissions of the current user. It is recommended that users update to the latest version of Flash here. Users should also recheck your setting manager settings after the install and check your privacy settings.

drStrangeP0rk |

Post a Comment |

2 References |

Adobe,

Flash,

Updates

Tuesday

Nov022010

Sophos Releases a Free Home Anti-Virus for the Mac

Tuesday, November 2, 2010 at 08:27AM

Sophos, an excellent provider of Anti-Virus software has released a Mac Version of a Free Home Edition. If you have family or friends this product is an excellent alternative to ClamXav.

http://www.sophos.com/products/free-tools/free-mac-anti-virus/

drStrangeP0rk |

Post a Comment |

Anti-Virus

Thursday

Oct282010

Adobe Confirms 0day Related to Flash and Acrobat

Thursday, October 28, 2010 at 12:37PM

Adobe has issues a security advisory which has confirmed a 0day that has been used in the wild which affects the Flash Player, Adobe Reader and Acrobat.The vulnerability is cross platform including earlier versions of Android.

The vulnerability casues a crash and will allow a malicious actor to execute command with the users priviledges. Adobe has posted mitigation method on the attached advisory but this is a summary.

Adobe Reader 9.x - Macintosh
1) Go to the Applications->Adobe Reader 9 folder.
2) Right Click on Adobe Reader.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
5) Delete or move the AuthPlayLib.bundle file.

Acrobat Pro 9.x - Macintosh
1) Go to the Applications->Adobe Acrobat 9 Pro folder.
2) Right Click on Adobe Acrobat Pro.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
5) Delete or move the AuthPlayLib.bundle file.

This vulnerability affects the AuthPlayLib.bundle file, we recommend using Preview.app for viewing of PDF files.

drStrangeP0rk |

Post a Comment |

2 References |

Acrobat,

Adobe,

Exploits,

Flash,

Wild,

Zero Day

Wednesday

Oct272010

Mac Trojan Spreading Via Social Networking Sites

Wednesday, October 27, 2010 at 07:30AM

There is a report that a Mac OSX Trojan is spreading via email, social media and networking sites. The delivery method uses Java, which has the added advantage to the attacker of being platform specific. The link usually states "is this you in this video" but has been seen in various forms.

Currently Microsoft has reported a raise in malware related to Java. Since it is widely used and is not platform specific it would only be logical to use for malicious activity. (Flash and Acrobat is choose for these reasons. Secure Mac has labeled the virus trojan.osx.boonana.a and is offering a free removal tool. Users can also use Java Preferences.app to limit the effects including amount of cache available and redistricting java apps using Verify Mixed Security Code that controls sand-boxing. Additionally setting related to allowing users to grant permissions and handling of signed/unsigned content.

If Java is not used then it should be disabled in Safari. Check back as more information becomes available.

Update on Wednesday, October 27, 2010 at 04:42PM by

drStrangeP0rk

Intego has provided more details regarding the malware reported and has tagged is OSX/Koobface.A. If you are infected the varient they have studied installs and invisible folder in the users home directory. In terminal perform ls -a to view invisible files. Look for a folder .jnana, if you have one then you are infected. The best defense option is to disable Java, notify users and check Java Preferences.app in /Utilities. Here you can set how an untrusted applet are handled.

The code within the sample we have is not sophisticated enough to really represent a high level of Mac Programming skill but Mac users should expect more. The Windows files match various Koobface worm signatures in that it attempts to steal sensitive information from the users computer. The Mac code connects to a server to load additional files which in Koobface fashion alters the DNS lookups of various sites, executes a web server and IRC server.

Some of the variants of Koobface include the following:

Worm:Win32/Koobface.gen!F, [Facebook]Microsoft Virus Definition
Net-Worm.Win32.Koobface.a, which attacks MySpace
Net-Worm.Win32.Koobface.b, which attacks Facebook.
WORM_KOOBFACE.DC, which attacks Twitter.
W32/Koobfa-Gen, which attacks Facebook, MySpace, hi5, Bebo, Friendster, myYearbook, Tagged, Netlog, Badoo and fubar.
W32.Koobface.D

MacOSX is becoming a enticing target for malware developers, no longer is security by obscurity an option.

In addition to checking the Intego link above vist http://www.zdnet.com/blog/security/koobface-for-mac-os-x-squirming-on-facebook/7579 for a write up.

Update on Friday, October 29, 2010 at 05:29PM by

drStrangeP0rk

Intego has posted an update related to OSX/Koobface.A an their assessment appears to be technically on the money. Most importantly Mac administrators and users need to prepare for malware directed at Apple products. AS the platform has increased in popularity so will the desire of malicious actors to compromise users systems usually with the goal of high jacking their high-speed connection for use in a botnet. I suggest that you stay informed by visiting their blog. More importantly their product, VirusBarrier along with WashingMachine are excellent products which I highly recommend.

This seems like a very primitive attempt to create Koobface Mac zombies, but as we know when in comes to criminals; if at first you don't succeed try, try again!"

drStrangeP0rk |

Post a Comment |

1 Reference |

Java,

Malware