Aug 04

On the heels of my last blog post (yesterday), carrying some valid, but slightly older data about Apple’s method of handling security, I received an interesting, UP-TO-DATE InfoWorld Newsletter with the headline: Apple servers still vulnerable to DNS flaw.

A month after a critical flaw in the Internet’s Domain Name System was first reported, security experts are warning that updates introduced by Apple last week may not go far enough to combat the threat.

Even Microsoft updated and patched this, and we know how much I just LOVE Microsoft! Apple, when are you going to get a clue? What’s it going to take? The clock’s ticking…….tick, tock, tick, tock, tick…..



written by Admin

Aug 03

On June 9, I posted the first article that seemingly went unnoticed called: Apple Mac Arrogance or Pure Stupidity?

However, on June 25, a reader Matthew left the following comment:

This sounds like the typical advice of a ‘security expert’ (read - antivirus software consultant). Can you tell me what the actual incidence (percentage) of Mac OS X users who, despite keeping their system fully updated have been hit with a virus?

Well, I answered Matthew with a link to a site where he could check out the stats himself and closed with the comment, “How many viruses or vulnerabilities does it take to bring down a Mac? Only one.”

As fate would have it, evidence has been called to my attention that supports what I said back on June 9th. The funny thing is, it was written on March 28th by Gunter Ollmann on IBM’s Frequency X Blog. (Our marketing director found it while getting some statistics for our anniversary project.)

Gunter is reporting on the BlackHat Amsterdam conference that was going on at the time, and rather than summarize what he says, I’ll just quote him directly because he put it so eloquently!

“In essence, with their “0-day Patch” metrics, they managed to show just how far Apple is trailing Microsoft in security patch responsiveness – in fact, after inspecting their graphs, Apple appears to be trending entirely in the wrong direction; more vulnerabilities, longer patching times, more 0-days, etc. – not the sort of thing we expect from a well known software vendor.

While I think that there are quite a few reasons why this is probably so, I’d be inclined to say that Apple’s biggest problem appears to be that they treat every new vulnerability as a potential PR disaster rather than an opportunity to visibly reinforce their work in securing their customers. In recent times this has most critically been reflected in the way Apple works with security researchers (e.g. I’m yet to find a single security researcher that has had any positive things to say about their dealings with Apple’s security team).” (Source: http://blogs.iss.net/archive/AppleCrumble.html)

Gunter also includes, earlier in the post, a link to the full report given that day by Stefan Frei and Bernard Tellenback titled “0-day Patch – Exposing Vendors (In)Security Performance”, which turns out to be a BIG eye opener!

So for all the arrogant Mac users, and those who might just be oblivious to all this, I suggest you take a time out during your next “forced reset” (or in Windows terms, Crash) and give that a read!

And so I add to my previous comment to Matthew, “How many vulnerabilities does it take to bring down a Mac? Just one. And it looks like the ones are adding up!”

I rest my case.

Debbie Mahler,
Antivirus Software Consultant and Security Professional

PS A thank you to Gunter Ollmann, Stefan Frei and Bernard Tellenback for their information!

And a special PS to Matthew: Your statement in your comment that read, ‘This sounds like the typical advice of a ’security expert’ (read - antivirus software consultant).’ is slightly in error. Despite the garbage you find out on the web from affiliate marketers posing as “wanna be” security professionals on blogs trying to hawk their wares to the unsuspecting public, I really am a Security Professional. We are not affiliates of Trend Micro or Symantec; we are Partners. A fact I guess I need to be more vocal about in the future. So thank you for pointing out where my marketing weaknesses are! You’re an angel!



written by Admin

Jun 20

What was I just saying in my most recent blog, “Apple Mac Arrogance or Pure Stupidity?”??

Hmmm, maybe I’m psychic? Or maybe I just know security! Ya think?

In a just-published article on InfoWorld and MacWorld, Johnny Evans (MacWorld UK) reports that security vendors SecureMac and Intego are separately reporting a new Trojan exploit for the Mac.

The Trojan horse is currently being distributed from a hacker website, where discussion has taken place on distributing the Trojan horse through iChat and Limewire.

The Trojan horse runs hidden on the system, and allows a malicious user complete remote access to the system, can reportedly transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging.

Additionally, the AppleScript.THT Trojan horse can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing. The Trojan horse exploits a recently discovered vulnerability with the Apple Remote Desktop Agent, which allows it to run as root.

My students have heard me preach and preach about the whole Limewire issue (not to mention BearShare and the others!) and I’ve stated in my referenced blog entry that Mac users are either arrogant or stupid if they believe they are exempt from these kinds of malware.

My God people, WAKE UP and smell the MALWARE!

To read the full InfoWorld Article, click the link: Full InfoWorld Article.



written by Admin

Jun 09

Over the past several months, I’ve heard from students and clients about how the Apple/Mac store personnel tell them how secure Macs are compared to PCs. So secure, says one of my PC Security students, that she boasts of not using any antivirus software or security tools!

I received one of my many security update summaries for last week and something interesting caught my eye that made me think back to this student. The summary listed 7, yes 7, vulnerabilities in Apple/Mac software.

Of course I reported on the issue with Safari here: http://mice.org/blog/microsoft-advisory-blended-threat-windows-and-safari/

But there were six others disclosed just last week that included not only the Mac OS X Server but the OS X Operating System also.

These are also beginning to sound a lot like Microsoft flaws!

Here they are:

Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1028)

Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1030)

Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1574)

Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1575)

Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1576)

Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to “multiple memory corruption issues.” (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1577)

This page at Apple’s site: http://lists.apple.com/archives/security-announce/2008//May/msg00001.html also lists these items and a few more, but in all of their descriptions they call a crash an unexpected system shutdown. Ummmmm, Apple folks? Here’s a heads up for you - that’s called a CRASH!

The question remains: Are Apple Mac users that arrogant to believe they are immune to flaws purely by virtue that they are running a Mac? Or, are they purely THAT STUPID?

Linux users know better than to believe their OS is infallible! Windows users have learned from experience that they are not infallible — REPEATEDLY!

So Mac users, which is it? Arrogance or stupidity? Because it’s obvious you aren’t immune!

And to the young lady in my course that doesn’t use AV software on her Mac, I’d suggest you get one immediately!



written by Admin

May 31

Microsoft has issued an advisory early this morning warning of a possible blended threat that can affect Windows XP and Vista computers when Apple’s Safari is installed!

According to the advisory, Microsoft is investigating public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Microsoft reports that they are working with Apple to confirm these public reports and to establish an action plan for patching if the reports are proven true.

Microsoft recommends that you restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple.

The Safari installation on Windows issue also relates to our blog entry: http://mice.org/blog/the-apple-updates-safari-great-debate/

That entry discusses how you might have installed Safari with an iTunes or QuickTime update.

The full Advisory is located here:

http://www.microsoft.com/technet/security/advisory/953818.mspx

We’ve alerted our Alert subscribers and will be following this issue to resolution.

If you wish to subscribe to our Alerts Newsletters to be informed of up-to-the-minute security issues that may affect you as they happen, please visit our subscribe page located here:

http://mice.org/lists/subscribe.html

We get all early warnings from a variety (and number) of sources so we compile them into one alert for you! It saves inbox space! ;)



written by Admin

© 2007-2008 MICE Training & Technology™.
