Free Republic

Older versions left vulnerable. Apple has fixed a major security hole that has been present in its OS X operating system since at least 2011. The 10.10.3 update addresses the so-called "rootpipe" vulnerability, which allowed an attacker to gain the highest level of access to the computer without a password. The vulnerability existed in checking XPC entitlements and meant a process may gain admin privileges without properly authenticating, Apple revealed. The flaw was identified by TruSec security researcher Emil Kvarnhammer, who discovered the flaw last October and notified Apple's product security team the following day. Kvarnhammer said a planned full...

Good Morning, hi, this is Biggirl. Just upgraded to the new Apple OS X on my Apple Mac Mini. I am trying to look for the "URL" so I can in the future post news articles. Has anyone who has an Apple computer and has upgraded please give me some helpful messages. Thank-you. :) =^..^=

A relatively long-standing vulnerability in OS X has been uncovered by a Swedish hacker, Emil Kvarnhammar, who has dubbed it “rootpipe” by the so-far undisclosed method in which it can be used to take control of your Mac. In this vulnerability, a flaw allows a hacker to gain administrative access of a system without supplying a password, and then be able to interact with your Mac as an administrator. In an interview with MacWorld, Kvarnhammar describes this bug as having been present in OS X 10.8.5, but he was not able to replicate it in 10.9; however, Apple has shuffled...

Apple’s OS X is vulnerable to the Shellshock bug, but it’s not that easy for attackers to take advantage of it, according to Intego, which specializes in security software for the operating system. Shellshock is the nickname for a flaw in the Bourne Again Shell, or Bash, which is a command-line shell processor widely present in Unix and Linux systems. The flaw in Bash, which has been present for two decades, could allow an attacker to take complete control of a computer. Apple, which plans to patch the flaw, said most users are fine unless they’ve tweaked advanced Unix settings....

A major flaw in Apple Inc software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, the company said on Friday, and experts said Mac computers were even more exposed. If attackers have access to a mobile user's network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook. Governments with access to telecom carrier data could do the same. ... "It's as bad as you could imagine, that's all I...

With Windows 8.1 Professional and OS X 10.9 Mavericks both now shipping, how do the two flagship PC operating systems compare? Does Windows 8.1 fix enough of Windows 8's usability flaws to be worth adoption? Does Mavericks add enough value to get your attention?Windows 8.1 lets users avoid most of the Windows 8 experience, so they can return to a Windows 7-like state of bliss, whereas Mavericks simply makes the Mac that much easier to use, especially if you work with iPads and iPhones, too. In short, the two updates keep the relative balance between Windows and OS X...

Malwarebytes takes a look at a method cyber-criminals have begun using to target Mac users with "ransomware", hijacking the user's browser with a notice demanding payment of $300 in order to release control of the application. While similar malware has affected Windows systems for a number of years, Mac users have only rarely seen such efforts targeted at themselves. The ransomware page is being pushed onto unsuspecting users browsing regular sites but in particular when searching for popular keywords. Warnings appearing to be from the FBI tell the victim: “you have been viewing or distributing prohibited Pornographic content.. To unlock...

On the heels of Windows 8.1 announcements, the Windows 8 operating system is just starting to make moves as the new third most popular operating system. Windows 8 had 5.1 percent of all desktop OS web traffic in June, beating Vista for the first time, according to web analytics firm Net Applications. Windows Vista saw a smaller 4.62 percent of traffic that same month. The OS' positions were switched in May when the W8 numbers sat at 4.27 percent, edged out by Vista's 4.51 percent of web traffic. Interestingly, both operating systems gained market share between the months of May...

In a challenge to the prevailing belief that Apple computers are immune to the sort of cyberattacks that plague WIndows-based machines, research firm Sophos has released a study claiming that one in five Macs have malware. The report, released on Tuesday, is based on a “100,000-strong snapshot” of the millions of Macs that downloaded Sophos’s free Mac antivirus software. The study found that 20% of Macs were carrying one or more instances of Windows malware. Such malware doesn’t cause symptoms unless the Mac owners run Windows on their machines, but it can be spread to others. However, this doesn’t appear...

An investigation by Dr Web suggests that about 600,000 Macs have the malware - potentially allowing them to be hijacked and used as a "botnet". It says that more than half that number are in the US. Flashback was first detected last September when anti-virus researchers flagged software masquerading itself as a Flash Player update. Once downloaded it deactivated some of the computer's security software. Remote control "By introducing the code criminals are potentially able to control the machine," the firm's chief executive Boris Sharov told the BBC. "We stress the word potential as we have never seen any malicious...

Does it seem like there is a lot of malware out there lately? Well, that’s because there is. Microsoft reported that one out of every 14 programs downloaded is Windows malware, and Internet Explorer (IE) blocks between 2 and 5 million attacks for IE8 and IE9 users. That really is a lot of malware. An article at PC Magazine stated: Application Reputation, a security feature of IE9, not only uses URL-based methods to detect sites that could be hiding malware, but also looks at the file itself and determines if others have downloaded it. A newly created file might not...

The once relatively virus-free Apple Mac ecosystem has been tainted forever by a nasty malware scam and you sense an age of innocence has ended. It’s a deadly shock to that ecosystem because now a second variant bug has arrived that requires no password. The malware first manifested itself when Mac users noticed ads for a product called Mac Defender that promised to protect them against malware and viruses. However, it turned out Mac Defender was actually a piece of malware that becomes active on a desktop after a user is suckered into entering a password, and floods the screen...

Intego has discovered a rogue anti-malware program called MACDefender, which attacks Macs via SEO poisoning attacks. When a user clicks on a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file. In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open “safe” files after downloading in Safari, for example), will open. The file is decompressed, and the installer it contains launches presenting a user with the following screen:...

Apple's OS X is First OS to be Hacked at This Year's Pwn2Own Charlie Miller lets someone else win a MacBook for a change The conception that Apple, Inc. computers running OS X are magically more secure than Windows computers was dealt another setback this week. Using a flaw in Apple's pre-installed first-party Safari browser, it took French security pro Chaouki Bekrar merely 5 seconds to hijack the unwitting MacBook at the CanSecWest Conference's pwn2own contest in Vancouver, British Columbia. On a most basic level the attack exploited Apple's weak memory protections in OS X Snow Leopard. Microsoft, more popular...

Today, in 1985, Windows 1.0 is released. It turned out to be a big deal.

Here's another blow to those insist that Apple products are rock solid and unhackable: The security company Secunia reports that Apple products have more vulnerabilities than those of any other company. Oracle came in second place, with Microsoft in third. Secunia just issued a report that covers vulnerabilities for the first half of 2010, and it's not good news for Apple. The report (which you can download here) shows that Apple last had the most vulnerabilities of all vendors in 2005, before Oracle took over the top spot. And now Apple is on top again. You can see the chart,...

Here's one more piece of evidence that the Mac isn't the secure, locked-down system that its proponents claim: The organizer of the Pwn2Own hacking contest says that Windows 7 is more secure than Snow Leopard, and that Safari will be the first browser to fall victim in the upcoming hacking contest. Contest organizer Aaron Portnoy, who is the security research team lead with 3Com TippingPoint, the sponsor of Pwn2Own, told Computerworld's Gregg Keizer that: "Safari will be the first to go. [Safari will] be on Snow Leopard, which isn't on the same level as Windows 7." Last year at the...

DESPITE THE RABID CLAIMS of Apple fan boys that its software is more secure than anything else on the market, Jobs' Mob products were the first to be trashed again at a Pwn2Own hacking competition. In fact flaws in the Iphone OS and zero-day vulnerabilities in Apple's Safari 4 web browser made a mockery of Apple's advertising. Flaws were also found in Mozilla Firefox and Internet Explorer 8 but apparently hackers had some trouble getting around exploitation mitigations in Windows 7, although eventually they did. Vincenzo Iozzo and Raif Weinmann were the first to successfully hack a mobile device, exploiting...

Say, Charles -- it's been awhile! But we're pleased as punch to see that you're back to your old ways, poking around within OS X's mainframe just looking for ways to remotely control the system, snag credit card data and download a few interoffice love letters that are carefully stashed 15 folders down within 'Documents.' The famed Apple security expert is planning yet another slam on OS X at CanSecWest, where he'll reveal no fewer than 20 zero day security holes within OS X. According to Miller, "OS X has a large attack surface consisting of open source components, closed...

The vulnerability is a variant of an issue raised last summer. Proof of concept exploit code was posted today by a security researcher at SecurityReason to demonstrate a vulnerability in versions 10.5 and 10.6 of Apple's Mac OS X operating system. The vulnerability is a potential buffer overflow error arising from the use of the strtod function Mac OS X's underlying Unix code. It was first reported by researcher Maksymilian Arciemowicz last June. SecurityReason's advisory describes a flaw in the libc/gdtoa code in OpenBSD, NetBSD, FreeBSD, and MacOS X, as well as Google Chrome, Mozilla Firefox and other Mozilla software,...