The Safe Mac

Another Tibet variant appears

Posted on September 10th, 2013 at 2:47 PM EST


It has been a little more than a year since the last new variant of the Tibet malware was discovered, but today, Intego reported that a fourth variant has been found. They are calling this new variant OSX/Tibet.D. There are a few important lessons we can learn from this malware.


Major Java update brings 40 bug fixes

Posted on June 18th, 2013 at 8:43 PM EST


This still doesn’t change my opinion that Java needs to be avoided. These fixes came after almost two months of vulnerability, and Java has had a recent history of becoming vulnerable again within days of each fix. We’ll see how things fall out at this point, but I don’t have high hopes. If you have to use Java in your web browser, though, you should not delay installing this update. Be cautious, though, as some Java applets may not function well (or at all) with the update, so check compatibility beforehand. Of course, that may leave you in the unenviable position of having to choose between staying vulnerable and losing access to the applet that you need Java for in the first place.


Important security updates

Posted on March 15th, 2013 at 10:02 AM EST


Apple posted a couple updates yesterday with some very important security content, and I advise updating as soon as you can. Both Mac OS X 10.8.3 and Security Update 2013-001, available for both Snow Leopard and Lion, contain a number of important security updates. However, one in particular is likely to cause the hair to stand up on the back of the neck of anyone who has been following the saga of Java’s recent descent into vulnerability perdition.


Java falls three times at Pwn2Own

Posted on March 7th, 2013 at 5:12 PM EST


Every year, at the CanSecWest security conference, an infamous competition is held, called Pwn2Own. The basic idea of the contest is to “pwn,” or hack, different web browsers or technologies. Hacks must involve previously unknown vulnerabilities, and winners not only get a sizable cash prize, but they also win the computer that they hacked (thus the “Pwn2Own” name).


Another hole in Java

Posted on March 1st, 2013 at 6:07 PM EST


According to ThreatPost, yet another new Java vulnerability has been discovered. Do I really have to say what I’ve said a thousand times before? Nah, there are only so many times one can beat a dead horse. Disable Java in your web browser, or it’s probably only a matter of time before you get infected with something.


New Minecraft password-stealing trojan

Posted on March 1st, 2013 at 4:46 PM EST


Minecraft has been targeted by malware before (see Cross-platform malware Jacksbot found in the wild), and with Minecraft and Minecraft modifications continuing to be popular, it’s no surprise that it has happened again. Intego announced today the discovery of a new trojan that it has named Minesteal.


Java is vulnerable… Again?!

Posted on February 25th, 2013 at 10:37 AM EST


Once again, Java is in the news after new vulnerabilities have been found. Adam Gowdiak, of Security Explorations, has reported to Softpedia the discovery of two new issues in Java. These issues can, when used together, allow an attacker to once again bypass the Java sandbox altogether and gain access to the user’s machine through a malicious Java applet embedded in a web site.


Mysterious new malware takes down multiple companies

Posted on February 19th, 2013 at 5:47 PM EST


This has been quite an interesting month in security news. Multiple major companies have been hacked, including Apple themselves, and there are rumors of yet another new bit of malware for the Mac. Yet all is still rather unclear. Is this all related? It’s probably too soon to say for sure, but I am guessing that it may be.


Two more Java vulnerabilities found

Posted on January 20th, 2013 at 9:31 AM EST


Security researcher Adam Gowdiak has announced the discovery of two more vulnerabilities affecting the latest version of Java (Java 7 update 11). These are completely separate vulnerabilities from the still not yet fully repaired bug that caused the vulnerability prompting the latest Java update. Of course, it’s not exactly news, at this point, that Java is full of holes that hackers love to exploit. So why am I continuing to beat a dead horse? Primarily, because I continue to hear people dismiss concerns about Java’s security. Java is a sinking ship, folks… you can either hop in a lifeboat and get away or go down with the ship. The choice is yours.


Did Java just fall down again?!

Posted on January 16th, 2013 at 3:39 PM EST


Brian Krebs has reported today that Java may have fallen victim to yet another vulnerability, which may have been sold to malware creators already. There is no confirmation of this story, but given Java’s past, it wouldn’t be at all surprising. Especially since other reports have indicated that Oracle’s fix for last week’s vulnerability only removed one method for exploiting an underlying vulnerability that still remains in place. I’ve said it before, and it continues to be true: Java is holier than Swiss cheese! If you are still running Java applets in your web browser, in spite of everything that has happened over the course of the last year, you should take this as yet another warning. Find a different way of achieving those tasks and turn off Java in your web browser ASAP!


This page and all contents (unless otherwise noted) copyright 2011-2014 by Thomas Reed.