Free Republic

A security researcher uncovered a zero-day in Apple software by tweaking a few lines of code. Speaking at Defcon in Las Vegas last week, Patrick Wardle, Chief Research Officer of Digita Security, described his research into "synthetic" interactions with a user interface (UI) that can lead to severe macOS system security issues. Synthetic events are when attackers can virtually "click" objects in order to load code without user consent. If a threat actor is able to "click" a security prompt and load a kernel extension, this could lead to the full compromise of an operating system. "Via a single click,...

Update: Apple has acknowledged the issue and is working on it. Statement and workaround below. Wow, this is a bad one. On Macs running the latest version of High Sierra — 10.13.1 (17B48) — it appears that anyone can log in just by putting “root” in the user name field. This is a huge, huge problem. Apple will fix it probably within hours, but holy moly. Do not leave your Mac unattended until this is resolved. The bug is most easily accessed by going to Preferences and then entering one of the panels that has a lock in the lower...

Hacking Apple Mac OS X is no easy task. Just ask security researcher Vincenzo Iozzo. Iozzo delivered a session on Mac OS X hacking at the Black Hat security conference, where he attempted to show how he had developed a new vulnerability that allows for a hacker to executes arbitrary code on Apple's OS X. But if anything, the effort demonstrated that Apple users don't have much to fear -- for now, at least. "The attack can only work if you already have access to the machine," Iozzo said during his presentation. "The attack is not a magic [wand] that...

Excerpt - Attack code that exploits a flaw in Apple Computer's Mac OS X was publicly released Wednesday, increasing the urgency to patch. The code's arrival comes just a day after Apple made an update available for its operating system. The malicious program takes advantage of a locally exploitable vulnerability in an operating system component called "launchd". "Attackers may exploit this issue to execute arbitrary code with elevated privileges," Symantec said in a security alert to customers that was updated on Thursday. On Tuesday, Apple delivered Mac OS X 10.4.7. The operating system update repairs a total of five flaws....

Broken Windows Here’s a billion-dollar question: Why are Windows users besieged by security exploits, but Mac users are not? For the sake of this discussion, let’s consider the realm of “security” to encompass any sort of software running on your computer, which software you wish weren’t there. So we’re not just talking about viruses?/?worms?/?Trojan horses — we’re talking about crapware of any sort, including adware and spyware. Adware is software that displays advertisements, typically in pop-up windows. Web surfers have been cursed by pop-up ads for years, but it’s common knowledge that they’re pretty much just a problem for Windows...