Security Software Official Warning on Mac Code Bug

[thexfactor]

The federal US computer security watchdog has issued a warning about a bug in Apple's OS X operating system. The US Computer Emergency Readiness Team (US Cert) issued the alert after security researchers produced code that could exploit the DMG bug. The flaw involves the way OS X handles disk images and could be used to crash or take over a vulnerable machine. So far the DMG bug has only been shown to work under laboratory conditions and has not been seen in the wild. The DMG bug came to light during a month-long project run by the Info-Pull research group that aimed to find one "kernel" bug a day. The kernel is the heart of an operating system. The warning from US Cert urged said the memory corruption caused by the bug could make a computer unstable or allow an attacker to hijack it. It urged users to avoid downloading DMG files, which bear a .dmg suffix, from unknown sources.

The bug even affects machines that are patched with the latest fixes. Apple has yet to provide a fix for the DMG bug though a workaround is known which should stop computers falling victim. The bug has only been proved to work under laboratory conditions. No cases of it being exploited in the wild are known and no users are thought to be at risk. The availability of the exploit code might tempt some malicious hackers to craft webpages that take advantage of it. Users of Apple Mac computers are far less likely to suffer security problems because the vast majority of viruses are written to exploit Microsoft's Windows operating system. There are also differences in the way that OS X works which help to prevent malicious code taking hold. The increasing popularity of Mac computers has led to increasing scrutiny of Apple's operating system and security researchers are unearthing many flaws and potential exploits.

BBC NEWS | Technology | Official warning on Mac code bug

 

[thexfactor]

Anti-virus researchers have spotted the first signs of an adware/spyware program capable of launching browser windows on Apple Computer's Mac OS X. According to a warning from F-Secure, a security vendor in Helsinki, Finland, the proof-of-concept program could be silently installed on a Mac's User account and hooked to each application used by that account. The company said the sample, named iAdware, successfully launched the Mac's built-in Safari Web browser whenever applications were being used. "We won't disclose the exact technique used here," F-Secure said, noting that the program was manipulating a feature in Mac OS X. "It's a feature, not a bug, but let's just say that installing a System Library shouldn't be allowed without prompting the user," the company added. The F-Secure notice said the adware program does not require administrator rights. "An admin could install this globally to all users," the company said. "This is easier to do than with Windows. After all, it's a Mac." Security experts have long warned that the Mac platform is not immune to malware attacks, and the appearance of a Mac-specific adware sample suggests that online scammers are tinkering with ways to target Apple's user base.

Mac OS X Spyware Sample Spotted