The Safe Mac

Follow The Safe Mac on Twitter to stay advised of the latest Mac security news!

Problem with Yosemite Recovery Update 1.0

Posted on April 11th, 2015 at 9:50 AM EDT


If you’re a reader of this blog, there’s a higher-than-usual chance that you are one of those security-minded folks with both FileVault disk encryption and a firmware password enabled. If so, you may have a problem after installing Yosemite Recovery Update 1.0. When I installed it (along with 10.10.3), I ended up with the dreaded “flashing folder with a question mark” icon when the machine restarted halfway through the install. Read the rest of this entry »


Spigot adware proliferates

Posted on April 8th, 2015 at 11:42 AM EDT


Spigot first came onto my radar back in 2013, when CNET began including Spigot extensions in some installers downloaded from their site. (See Boycott CNET’s For a long time, Spigot remained static, consisting of only five browser extensions: Searchme, Amazon Shopping Assistant, Ebay Shopping Assistant, Slick Savings, and rarely, Domain Error Assistant. Recently, however, new variants of Spigot have been appearing like poop on a lawn full of geese. And some of the strategies it’s using stink just as badly! Read the rest of this entry »


Java now installing adware

Posted on March 4th, 2015 at 11:34 AM EDT


Rich Trouton, a Mac systems administrator who runs the Der Flounder blog, discovered yesterday that a Java installer is installing adware, in the form of the Ask Toolbar. (He first wrote about it on JAMF Nation, but has published additional information in his Der Flounder post today.) Fortunately, in the course of trying to duplicate his findings, it appears that this installer is a bit finicky, and may not always install the toolbar properly. Read the rest of this entry »


Avast’s man in the middle

Posted on February 24th, 2015 at 12:47 PM EDT


The security community is ablaze with news of Superfish being pre-installed on some Lenovo computers. The primary issue concerning experts is that Superfish replaced SSL certificates, used for ensuring secure connections on the internet, with its own certificates. It turns out that the same behavior is being exhibited by software that many people are inclined to trust: Avast’s anti-virus software! Read the rest of this entry »


Apple cracks down on adware

Posted on February 13th, 2015 at 7:25 AM EDT


Apple has used the XProtect anti-malware protection in Mac OS X to block a few pieces of adware in the past. Yesterday, they cracked down on adware again, adding a slew of new items to XProtect’s signatures, used for identifying and blocking malicious apps. Three are updated signatures, while one is for adware never before blocked by XProtect. Read the rest of this entry »


OpinionSpy is back!

Posted on February 9th, 2015 at 8:08 PM EDT


OpinionSpy first appeared in 2010, installed along with a number of screensavers made by a company named 7art, as well as a few other applications. OpinionSpy – officially called PremierOpinion by its developers – was spyware disguised as marketing software. It was described by Intego at the time, who attributed to it the ability to capture data from the infected Mac as well as from the network it connected to, as well as having backdoor functionality. Read the rest of this entry »


How serious is Thunderstrike?

Posted on January 19th, 2015 at 10:59 AM EDT


A few weeks ago, Trammell Hudson demonstrated a way to permanently infect a Mac’s firmware using an exploit involving the Thunderbolt port on recent Macs. There has been a lot of very excellent information written about this, such as Rich Mogul’s Thunderstrike article in TidBITS. Although I can’t really provide any additional information, I can at least give readers my own perspective. Read the rest of this entry »


Tech support scam pop-ups

Posted on January 6th, 2015 at 7:14 AM EDT


The internet has been awash with all manner scams for a long time. The variety boggles the imagination, ranging from Nigerian princes wanting to pay strangers exorbitant sums for help moving some money, to Facebook posts asking if it’s really you in this photo, to “one weird trick” for just about anything you might want to do. Although not exactly new, one of these scams has seen an upswing in recent months: the fake tech support scam. Read the rest of this entry »


A look back at the malware of 2014

Posted on January 2nd, 2015 at 4:34 PM EDT


As most Mac users know, Macs don’t get malware. Unfortunately, what most Mac users know on this topic is actually wrong! There actually is Mac malware out there, there’s just a lot less than there is for Windows. Fortunately, in 2014, new malware appearances have dropped since 2013. Read the rest of this entry »


Genieo adware causing Safari crashes

Posted on December 21st, 2014 at 6:57 AM EDT


Over the last week, I’ve been seeing a lot of reports of Safari crashes on Apple’s discussion forums as well as via personal e-mail. All seem to be running Yosemite with Safari 8. Interestingly, in almost every single one of these cases, the Genieo adware was found on the machine. In every case where Genieo was found, removing Genieo solved the problem. Read the rest of this entry »


This page and all contents (unless otherwise noted) copyright 2011-2014 by Thomas Reed.
For questions or comments, please contact me.