Follow The Safe Mac on Twitter to stay advised of the latest Mac security news!
Posted on March 15th, 2013 at 10:02 AM EDT
Apple posted a couple updates yesterday with some very important security content, and I advise updating as soon as you can. Both Mac OS X 10.8.3 and Security Update 2013-001, available for both Snow Leopard and Lion, contain a number of important security updates. However, one in particular is likely to cause the hair to stand up on the back of the neck of anyone who has been following the saga of Java’s recent descent into vulnerability perdition. Read the rest of this entry »
Posted on March 7th, 2013 at 5:12 PM EDT
Every year, at the CanSecWest security conference, an infamous competition is held, called Pwn2Own. The basic idea of the contest is to “pwn,” or hack, different web browsers or technologies. Hacks must involve previously unknown vulnerabilities, and winners not only get a sizable cash prize, but they also win the computer that they hacked (thus the “Pwn2Own” name). Read the rest of this entry »
Posted on March 1st, 2013 at 6:07 PM EDT
According to ThreatPost, yet another new Java vulnerability has been discovered. Do I really have to say what I’ve said a thousand times before? Nah, there are only so many times one can beat a dead horse. Disable Java in your web browser, or it’s probably only a matter of time before you get infected with something.
Posted on March 1st, 2013 at 4:46 PM EDT
Minecraft has been targeted by malware before (see Cross-platform malware Jacksbot found in the wild), and with Minecraft and Minecraft modifications continuing to be popular, it’s no surprise that it has happened again. Intego announced today the discovery of a new trojan that it has named Minesteal. Read the rest of this entry »
Posted on February 25th, 2013 at 10:37 AM EDT
Once again, Java is in the news after new vulnerabilities have been found. Adam Gowdiak, of Security Explorations, has reported to Softpedia the discovery of two new issues in Java. These issues can, when used together, allow an attacker to once again bypass the Java sandbox altogether and gain access to the user’s machine through a malicious Java applet embedded in a web site. Read the rest of this entry »
Posted on February 19th, 2013 at 5:47 PM EDT
This has been quite an interesting month in security news. Multiple major companies have been hacked, including Apple themselves, and there are rumors of yet another new bit of malware for the Mac. Yet all is still rather unclear. Is this all related? It’s probably too soon to say for sure, but I am guessing that it may be. Read the rest of this entry »
Posted on January 20th, 2013 at 9:31 AM EDT
Security researcher Adam Gowdiak has announced the discovery of two more vulnerabilities affecting the latest version of Java (Java 7 update 11). These are completely separate vulnerabilities from the still not yet fully repaired bug that caused the vulnerability prompting the latest Java update. Of course, it’s not exactly news, at this point, that Java is full of holes that hackers love to exploit. So why am I continuing to beat a dead horse? Primarily, because I continue to hear people dismiss concerns about Java’s security. Java is a sinking ship, folks… you can either hop in a lifeboat and get away or go down with the ship. The choice is yours.
Posted on January 16th, 2013 at 3:39 PM EDT
Brian Krebs has reported today that Java may have fallen victim to yet another vulnerability, which may have been sold to malware creators already. There is no confirmation of this story, but given Java’s past, it wouldn’t be at all surprising. Especially since other reports have indicated that Oracle’s fix for last week’s vulnerability only removed one method for exploiting an underlying vulnerability that still remains in place. I’ve said it before, and it continues to be true: Java is holier than Swiss cheese! If you are still running Java applets in your web browser, in spite of everything that has happened over the course of the last year, you should take this as yet another warning. Find a different way of achieving those tasks and turn off Java in your web browser ASAP!
Posted on January 12th, 2013 at 8:42 AM EDT
Thursday saw the discovery of a new Java vulnerability (see New Java vulnerability discovered). Worse, the discovery of this vulnerability came at the same time as discovery that it was already being exploited actively to drop malware onto vulnerable Windows machines. Macs were undoubtedly soon to follow, since several prominent cross-platform “crime kits,” such as Blackhole, are known to have started using this vulnerability. Fortunately, less than 24 hours after this news broke, both Apple and Mozilla (creators of the Firefox web browser) had acted to protect users of their products against this threat. Read the rest of this entry »
Posted on January 10th, 2013 at 2:15 PM EDT
Seems like it hasn’t been that long since we were talking about the last one of these, but the vicious cycle begins again. Brian Krebbs has reported the discovery of a new vulnerability that affects even users of the latest version of Java (Java 7 Update 10). Once again, users are advised to disable Java in their web browsers. Read the rest of this entry »