MAAS History
Archives
Tuesday
Jan 26, 2010

Intego's Annual Year in Mac Security Report

As a new year starts you can always look forward to reports on the past year's security incidents and the prospects for the coming year. Many vendors release these reports, which tend to slant toward a particular product or service, so their usefulness is debatable. However, I think anyone interested in Mac OS X security should read Intego's Mac Security Report for 2009 to understand the trends from the past year.

This report reviews various incidents from the past year and Apple's responses. Based on Apple's earnings report for the last quarter, we can expect the number of incidents related to trojans, viruses and malware to grow as the popularity of the platform grows. It is a relatively simple equation: more Mac users equals more machines with high-speed connections that crackers would love to exploit.

I love Intego's Virus Barrier and any client that I first start working with usually becomes a fan very quickly. The software is seamless, fast, easy to manage and stable. I recommend it for SOHO clients and larger organizations.

Thursday
Jan 21, 2010

Firefox 3.6 Released

Firefox 3.6 has been released with some improvements, including in-depth add-on notification. When a page loads, Firefox will now notify the user of out-of-date and insecure plug-ins that require action (with improved handling of Flash updates). The "Enable Java" option is now located in the Add-ons window. Private browsing will now also remove temporary files when the application closes.

Other application improvements include renaming of panels, full screen mode, support for personas, robust auto-complete and tabs. Users should update to this version to enhance their Firefox experience. 

Tuesday
Jan 19, 2010

Apple Security Update 2010-001

Apple has released Security Update 2010-001 to address various recently reported issues. It includes a fix for the TLS and SSL protocols: renegotiation of sessions is not allowed in this update. The IETF is still working on a fix to the protocol, and the current change is a preventive security measure that mitigates the risk. ImageIO has improved bounds checking, which prevents a buffer overflow when viewing a maliciously crafted TIFF file. ImageRAW has better bounds checking to address the handling of DNG images.

CoreAudio could be exploited by a maliciously crafted MP4 file, leading to an application DoS or arbitrary code execution; the bounds checking has been improved. CUPS was susceptible to a use-after-free issue in which an attacker could use a get-printer-jobs request to cause a DoS. Users who are not using CUPS printing should unload the service. This update fixes the vulnerability, but services that are not needed should be disabled.

Apple also includes an updated Flash Player. After the install, check your privacy and update settings in Flash to ensure they are what you want. This update requires a restart and is vital for client and server deployments.

magmatic.com references

http://www.magmatic.com/currents/2009/11/7/tlsssl-vulnerability.html

http://www.magmatic.com/currents/category/flash

Monday
Jan 18, 2010

Memory Corruption Proof of Concept in QuickTime Library

Offensive Security has received a posting to their Exploit Database from Dr_IDE that takes advantage of a memory corruption in the QuickTime library used by a host of Mac OS X applications. This includes QuickLook, which will crash if the file is loaded in Icon view in Finder. The proof of concept may be altered to allow an attacker to execute code or produce an application crash, and it is also possible to use this vulnerability in a remote attack if the attacker is sophisticated. (The URL can be altered very easily in a hex editor.) The malformed file with codec header can be viewed in Fig. 1.

Fig. 1: Malformed file with codec header

At this stage it appears to crash the application, and the malformed file is not detected by Mac anti-virus software. Users' current defense is to only open and view files from a trusted source and to update to the latest version of QuickTime. Remember, if you have any doubts about the source then there is no reason to open or load the file on your systems. A far more robust firewall that filters incoming and outgoing traffic should also be used locally on the Mac (ipfw is a great start). These types of files can also be blocked at a proxy or advanced firewall system, which can be purchased from vendors such as WatchGuard or Cisco. Various configurations can drop files that have more than three "characters" together, which are very common in POCs that are rarely altered by unsophisticated attackers.

It is to be expected that as the popularity of the platform grows, so does the interest from crackers. To employ an exploit such as this, little tactical effort is needed. However, strict defensive measures can mitigate an attack vector such as this.
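The repeated-character filter described above can be sketched as a streaming check, the way a proxy sees a file in pieces. This is an added example, not code from the original post or from any vendor product; the function names, the 64-byte threshold, the restriction to printable ASCII and the sample bytes are all assumptions of the example.

```python
from typing import Iterable, Iterator, List, Tuple

PRINTABLE = range(0x21, 0x7F)  # assumption: filler is a printable ASCII byte

def chunked(data: bytes, size: int) -> Iterator[bytes]:
    """Split data into pieces, as a proxy would receive it."""
    return (data[i:i + size] for i in range(0, len(data), size))

def scan_stream(chunks: Iterable[bytes], min_run: int = 64) -> List[Tuple[int, int, int]]:
    """Return (offset, byte_value, length) for every run of one repeated
    printable byte of at least min_run bytes, even when the run is split
    across chunk boundaries."""
    hits: List[Tuple[int, int, int]] = []
    prev, run_len, run_start, offset = None, 0, 0, 0

    def close_run() -> None:
        # Record the run that just ended if it is long enough to matter.
        if prev in PRINTABLE and run_len >= min_run:
            hits.append((run_start, prev, run_len))

    for chunk in chunks:
        for b in chunk:
            if b == prev:
                run_len += 1
            else:
                close_run()
                prev, run_len, run_start = b, 1, offset
            offset += 1
    close_run()  # the file may end in the middle of a run
    return hits

def verdict(chunks: Iterable[bytes], min_run: int = 64) -> str:
    """Filtering decision: 'drop' if any filler run is found, else 'pass'."""
    return "drop" if scan_stream(chunks, min_run) else "pass"

# Constructed sample data (not the PoC file): a QuickTime-style header
# followed by 300 bytes of 'A' filler, and a benign file with null padding.
HEADER = b"\x00\x00\x00\x20ftypqt  "
SUSPECT = HEADER + b"A" * 300 + b"\x00" * 16
BENIGN = HEADER + b"\x00" * 300 + b"moov" + b"aaa"

if __name__ == "__main__":
    print(scan_stream(chunked(SUSPECT, 100)))  # run crosses chunk boundaries
    print(verdict([BENIGN]))
```

A low threshold also matches ordinary content (the benign sample trips at `min_run=3`), so tune the value against known-good files before dropping traffic on it.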

Tuesday
Jan 12, 2010

Apple Remote Desktop Update 3.3.2

Apple has released Apple Remote Desktop Update 3.3.2, which has a host of stability and performance improvements. These include better handling of Network Address Translation (NAT) behind a firewall, improved authentication reliability and a fix to the MAC address issue with MacBook Air. There are also improvements to the handling of third-party VNC servers, which is especially important for administrators in mixed environments. The following list is taken directly from Apple's Web site.

Setup

  • Improved handling of IP address and port changes for clients accessed behind a Network Address Translation (NAT) system
  • Upgrading to Apple Remote Desktop 3.3 will no longer reset non-administrator access privileges
  • Improved reliability when authenticating new client computers

Software Distribution

  • Improved reporting of results of failed package installations

Asset Management

  • MacBook Air MAC address is now correctly reported
  • Improved reliability of reporting systems configured with AirPort
  • Correctly reports system version for systems that have been promoted from Mac OS X to Mac OS X Server

Remote Assistance

  • Improved mouse cursor tracking when controlling remote systems
  • Improved reliability when controlling remote clients that have a 1366-by-768 resolution
  • Improved performance when clients are being controlled by RealVNC viewers
  • Improved reliability when controlling systems that have dual graphics processors
  • Improved support when controlling systems running third-party VNC servers
  • Improved reliability for drag-and-drop file copy
  • Improved reliability when controlling client computers that have two displays
  • Improved reliability when controlling remote systems in scale mode with certain resolutions
  • Menu Extra now correctly shows status when being observed by a VNC viewer