MAAS History
Archives
Thursday, Sep 03 2009

Java for Mac OSX 10.5 Update 5

Apple-SA-2009-09-03-1, Java update 5, addresses various CVE-IDs for Mac OSX 10.5 clients and servers running the following Java versions:

  • Java 1.6.0_13 had serious vulnerabilities including allowing an untrusted Java Applet to elevate privileges
  • Java 1.5.0_19 had serious vulnerabilities including allowing an untrusted Java Applet to elevate privileges
  • Java 1.4.2_21 had serious vulnerabilities including allowing an untrusted Java Applet to elevate privileges

In addition, CVE-2009-2205 relates to a stack buffer overflow in the command launcher in Java Web Start. This can result in an unexpected application termination or arbitrary code execution. This update will require a restart.

If you manually installed Java or want to download the update, it can be found at the following link: http://support.apple.com/downloads/

Tuesday, Sep 01 2009

Snow Leopard Client defaults to 32-Bit Kernel

Mac OSX 10.6 includes 64-bit versions of various applications, but the default kernel setting is to boot into 32-bit mode. To boot the 64-bit kernel, users have to hold down the "6" and "4" keys at boot time. (Holding "3" and "2" will cause 10.6 to boot back into 32-bit mode.) On OSX 10.6 Server the kernel boots into 64-bit mode by default. To make the change permanent, users need to edit com.apple.Boot.plist and change the configuration. There is also an issue with older MacBooks only recognizing 3GB of RAM out of 4GB if they are equipped with the 32-bit EFI chip. Apple claims many of the features are not completely ready yet; as they become available they will be incorporated into updates. Their goal is to provide a stable transition to a truly 64-bit platform. The Finder, Mail, Safari, TextEdit and Preview are all 64-bit, along with Mac OSX Server.

To check your EFI, enter the following command in the Terminal:

ioreg -l -p IODeviceTree | grep firmware-abi

The result should be the following:

| |   "firmware-abi" = <"EFI64">

Now you can edit com.apple.Boot.plist and change the value of the Kernel Flags key.

<!-- default 32-bit mode -->
<key>Kernel Flags</key>
<string></string>

Change that to:

<!-- 64-bit mode -->
<key>Kernel Flags</key>
<string>arch=x86_64</string>
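
The check-then-edit steps above as a read-only audit, added here as an example and not part of the original post: it parses the ioreg output and the plist text and reports how the machine is set to boot. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the firmware ABI and the Kernel Flags setting.
# Constructed sample inputs (not captured from a real machine).
SAMPLE_IOREG='    | |   "firmware-abi" = <"EFI64">'
SAMPLE_PLIST='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
	<key>Kernel</key>
	<string>mach_kernel</string>
	<key>Kernel Flags</key>
	<string></string>
</dict>
</plist>'

# efi_abi: read `ioreg -l -p IODeviceTree` output on stdin, print EFI32/EFI64.
efi_abi() {
    sed -n 's/.*"firmware-abi" = <"\(EFI[0-9]*\)">.*/\1/p' | head -n 1
}

# kernel_flags: read com.apple.Boot.plist on stdin and print the <string>
# value that follows <key>Kernel Flags</key> (empty output = default 32-bit).
# Assumes key and value sit on separate lines, as in the snippets above.
kernel_flags() {
    awk '
        /<key>Kernel Flags<\/key>/ { want = 1; next }
        want && /<string>/ {
            sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit
        }
        want && /<(key|string\/)>/ { exit }'
}

# boot_report: $1 = firmware ABI, $2 = kernel flags; print a one-word verdict.
boot_report() {
    case "$2" in
        *arch=x86_64*)
            # The procedure above expects EFI64 before this flag is set.
            if [ "$1" = "EFI64" ]; then echo "64bit-kernel"; else echo "mismatch"; fi ;;
        *)
            if [ "$1" = "EFI64" ]; then echo "32bit-kernel-64bit-capable"; else echo "32bit-only"; fi ;;
    esac
}

# Demo on the constructed samples.
abi=$(printf '%s\n' "$SAMPLE_IOREG" | efi_abi)
flags=$(printf '%s\n' "$SAMPLE_PLIST" | kernel_flags)
echo "firmware=$abi flags='$flags' -> $(boot_report "$abi" "$flags")"
```

On a Mac, pipe `ioreg -l -p IODeviceTree` into `efi_abi` and feed com.apple.Boot.plist to `kernel_flags` on stdin instead of the samples.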

 

Monday, Aug 31 2009

Snow Leopard Installs Flash 10.0.23.1, Users Have to Reinstall 10.0.32.18

Users who upgrade to Snow Leopard on production systems should visit Adobe's download page for Flash and download the latest version, 10.0.32.18. The older version can be exploited by various Flash exploits. Users should also check their Flash Privacy Settings using the Settings Manager. These settings should be set for maximum privacy.

Users can check their version of Flash here: http://kb2.adobe.com/cps/155/tn_15507.html

Related postings on magmatic.com

http://www.magmatic.com/currents/2009/7/24/flash-vulnerability-can-be-contained-in-web-page-air-applica.html

http://www.magmatic.com/currents/2009/1/5/private-browsing-is-not-always-private.html

Thursday, Aug 27 2009

Fake Snow Leopard Sites Spreading OSX_JAHLAV.K Trojan

It is being reported that fake Snow Leopard sites are spreading the OSX_JAHLAV.K Trojan. This Trojan has been evolving and performing different levels of havoc; the current manifestation changes DNS entries, which redirects users to malicious sites. From there users may experience phishing and be directed to download FAKEAV, which is malicious anti-virus software.

Users should not expect to download free copies of OSX, or of any other software that is a commercial product. Much cracked software contains malicious code and should not be trusted. Users who suspect that they may have been infected should review http://www.magmatic.com/currents/2009/6/23/trojan-jahkav-c-more-to-come.html including the follow-up postings.

Tuesday, Aug 25 2009

Apple Will Release OSX 10.6, aka Snow Leopard, This Friday

The release of OSX 10.6 includes various refinements and security benefits, including 64-bit code for the Finder and other common applications. Sandboxing, library randomization and protection of memory are all standard under the 64-bit schema and are implemented with no effort by the average user. 64-bit applications use enhanced checksums, secure argument passing and hardware-based execute disable for heap memory, making it much more difficult for attackers to use exploits that are triggered by memory corruption.