MAAS History
Archives
Wednesday
Jan 28 2009

Mac Trojan Horse OSX.Trojan.iServices.A

I debated even including this, since if you download pirated software you do so at your own risk. Currently circulating on various BitTorrent tracker sites and other sites known to offer pirated software is a Mac Trojan horse named OSX.Trojan.iServices.A. When a user installs the illegal copy of iWork, the first item installed is this Trojan, in /System/Library/StartupItems/iWorkServices. The Trojan notifies the attacker that it is alive; the attacker can then remotely connect to the compromised system and perform operations as root. (If you run day to day as a limited account rather than an administrator, the Trojan executes at that account's privilege level.)

Make sure never to install pirated software on your computer. When using BitTorrent, always know the source and compare the MD5 or SHA hash of what you downloaded with the one published on the developer's site; contact them if you must (prefer the SHA hash where both are published, since MD5 collisions are practical). There is no 100% protection, and most Open Source offerings are sound, but you are responsible for accumulating the evidence that establishes an acceptable chain of trust. Know what you're getting, check what you're getting, trust what you're getting.

Remember Mr. Mulder, "Trust NO ONE." X
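As an added example (not from the original post), here is a small POSIX shell script that does the two checks this entry calls for: compare a download's SHA-256 against a value copied from the developer's site, and look for the StartupItem path the Trojan installs into. The expected hash and the sample file in the demonstration are constructed; the only path taken from the post is the StartupItems one.

```shell
#!/bin/sh
# Added example, not from the original post: verify a download's hash and
# check for the iWorkServices StartupItem. POSIX sh; works with either
# sha256sum (Linux) or shasum (macOS).

# Print the SHA-256 hex digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 when the digest matches, 1 otherwise. EXPECTED_HEX is the value
# you copied from the developer's site, not something taken from the
# download itself or from the tracker page.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file"; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published SHA-256"
        return 0
    fi
    echo "MISMATCH: $file"
    echo "  expected $expected"
    echo "  actual   $actual"
    return 1
}

# check_startupitem [ROOT]
# Returns 0 when the StartupItem named in the post is absent, 1 when present.
# ROOT defaults to the live filesystem; it exists so the check can be run
# against a mounted image or a test directory.
check_startupitem() {
    root=${1:-}
    item="$root/System/Library/StartupItems/iWorkServices"
    if [ -e "$item" ]; then
        echo "FOUND: $item (indicator of OSX.Trojan.iServices.A)"
        return 1
    fi
    echo "not present: $item"
    return 0
}

# Demonstration on a constructed file. The digest below is SHA-256 of the
# six bytes "hello\n", standing in for a value read off a developer's site.
demo() {
    tmp=$(mktemp)
    printf 'hello\n' > "$tmp"
    verify_sha256 "$tmp" 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
    rc=$?
    rm -f "$tmp"
    check_startupitem || rc=1
    return $rc
}

demo
```

The hash you compare against has to come from somewhere other than the download: the developer's own HTTPS page or a signed announcement. A hash posted next to the torrent proves nothing, because whoever swapped the file could swap the hash too.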

Thursday
Jan 22 2009

QuickTime 7.6 Fixes Several Vulnerabilities

Like other click-and-view attacks, this one relies on the user as the gateway: the attacker entices the user to click a link to a movie file that carries the malicious code, and a vulnerable QuickTime then processes it. In the most extreme cases the attacker gains control of the computer and executes code on it.

Monday
Jan 05 2009

Private Browsing is Not Always Private

Well, duh! Private browsing in browsers such as Safari or Firefox is not what it seems to be. It limits what the browser itself records locally (history, cache, cookies); it does nothing to hide your traffic on the network, which is what tools and services such as JAP, TOR-Proxy or Proxify are for. And on any system, third-party products such as the Flash plug-in or Google Gears have their own storage and their own way of managing the privacy of that data, outside the browser's private-browsing controls. All of this is included in the installer(s) and downloader(s), but like much of everything in our on-demand world, people confuse the OK button with security.

A big issue for users and administrators with the Flash plug-in is that its global settings are only accessible through an SSL site, which may be blocked for users behind corporate firewalls. This is something administrators should consider if Flash is part of their standard install. Simply put, these privacy settings need to be configured as well.

To access and change your Flash settings, go to the following site; the settings panel is an actual Flash application loaded into the page. I have mine set to the highest privacy setting, which accepts and stores nothing on any of my systems.

Adobe - Flash Player : Settings Manager - Global Storage Settings Panel
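Added example, not from the original post: a shell function that enumerates the Local Shared Objects (".sol" files, often called Flash cookies) that the Flash plug-in keeps per site. It assumes the Mac location of Flash Player's storage, ~/Library/Preferences/Macromedia/Flash Player/#SharedObjects, and the demonstration runs against a constructed directory tree rather than a real profile. What it shows is that these files sit outside the browser's own profile, so a private-browsing session neither hides nor clears them.

```shell
#!/bin/sh
# Added example, not from the original post. Lists Flash Local Shared
# Objects, which live outside the browser profile and are not covered by
# private-browsing mode. Path assumed: the Mac Flash Player storage
# location under the user's Library folder.

# flash_store [HOME_DIR] -> prints the #SharedObjects directory path.
flash_store() {
    printf '%s\n' "${1:-$HOME}/Library/Preferences/Macromedia/Flash Player/#SharedObjects"
}

# count_flash_lso [HOME_DIR] -> prints the number of .sol files
# (0 if the store does not exist).
count_flash_lso() {
    store=$(flash_store "$1")
    if [ ! -d "$store" ]; then
        echo 0
        return 0
    fi
    find "$store" -type f -name '*.sol' | wc -l | tr -d ' '
}

# list_flash_lso [HOME_DIR] -> prints each .sol file as "<site>: <path>";
# returns 0 when none are present, 1 when at least one is.
list_flash_lso() {
    store=$(flash_store "$1")
    n=$(count_flash_lso "$1")
    if [ "$n" -eq 0 ]; then
        echo "no Flash shared objects under $store"
        return 0
    fi
    echo "$n Flash shared object(s) under $store:"
    # Layout is <store>/<random profile id>/<site>/.../<name>.sol, so the
    # second path component below the store is the site that wrote it.
    find "$store" -type f -name '*.sol' | while IFS= read -r f; do
        rel=${f#"$store"/}
        site=$(printf '%s\n' "$rel" | cut -d/ -f2)
        echo "  $site: $f"
    done
    return 1
}

# Demonstration against a constructed tree (no real profile is touched).
demo() {
    fake=$(mktemp -d)
    mkdir -p "$(flash_store "$fake")/ABCDEFGH/example.com/tracker"
    : > "$(flash_store "$fake")/ABCDEFGH/example.com/tracker/visitor.sol"
    list_flash_lso "$fake"
    rm -rf "$fake"
}

demo
```

Run list_flash_lso with no argument against your own account after a private-browsing session that visited a Flash-heavy site; anything it lists was written regardless of the browser's private mode, which is exactly the gap the Global Storage Settings panel is there to close.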

Monday
Dec 15 2008

OSX Update 10.5.6

Apple has released an update that addresses about 21 security issues that can be exploited in a variety of ways. If you use egress filtering between groups/departments the effects of local attacks may be contained, but it is still recommended to install the update for your particular system. Popular delivery methods for these exploits include directing a user to a web site or sending a crafted image to be viewed locally. In the worst case this can result in code execution and hijacking of the entire system.

Overview

  • Heap buffer overflow in CoreGraphics.
  • Flash plug-in vulnerabilities, which are web-directed exploits.
  • CoreServices credential hijack vulnerability.

These can result in:

  • Session fixation attack.
  • Denial of service.
  • Elevation of privilege.

Monday
Nov 24 2008

Safari Updates Address Security Concerns

Apple released updates to Safari on November 13. I have been busy with school, so sorry about the delayed posting. The update addresses several issues in the Macintosh version, including the possibility that a local user can obtain sensitive data from the cache. The WebKit issues addressed include out-of-bounds memory access, application termination and arbitrary code execution.

Make sure this update has been installed, since there are currently exploits in the wild taking advantage of the application termination issues.