
Apple Hacked By The Same Group Who Attacked Facebook

February has not been a good month for cyberspace, especially for giant organizations. Last week the social networking giant Facebook fell victim to a devastating cyber attack that affected a number of systems. Facebook admitted that it faced a "sophisticated attack" on its computers, in which the attackers used a zero-day Java exploit to initiate the attack, but said that no user data was compromised. The same thing happened to the microblogging site Twitter and to the New York Times. Now it is Apple's turn. The California-based multinational acknowledged that its systems were recently attacked by hackers who infected the Macintosh computers of some employees. As with Facebook, no data was affected: "there was no evidence that any data left Apple," said Apple.
According to an exclusive Reuters report, unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers. The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday. The malware was also employed in attacks against Mac computers used by "other companies," Apple said, without elaborating on the scale of the assault. Experts presume that all of February's cyber attacks, on Twitter, the New York Times, Facebook and lastly Apple Inc., originated from China and were executed by the same hacker group. A few experts also say that the group responsible for the hack has been identified as "Unit 61398" of the People's Liberation Army, but so far there is no proof.
Apple also revealed that it plans to release a software tool later Tuesday that will protect customers against the same type of software that was used against its employees. 

Apple also provided the following statement:
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found..."




Pwn2Own 2013 -Hack Major Browser, Adobe Reader, Flash or Java & Earn in Million Dollars


Over the last two years the Pwn2Own hacker contest has become an important fixture in the world of testing the security of software applications, operating systems and hardware devices. In that time several hackers and security professionals have joined Pwn2Own with enthusiasm, and the security of four major, widely used browsers has been compromised there in order to make applications and software safer and more secure. Last year we reported how hackers from across the globe took part in Pwn2Own, successfully hacked Google Chrome, IE and Firefox, and earned millions of dollars. This year's contest has a further twist: HP TippingPoint and Google, the sponsors of Pwn2Own, have made clear that the focus of the competition is expanding beyond browsers. Pwn2Own 2013 will include $560,000 in prize money for demonstrations of exploits in the major web browsers, Adobe Reader, Adobe Flash or Oracle Java.

Contest Dates:-

The contest will take place on the 6th, 7th, and 8th of March in Vancouver, British Columbia, during the CanSecWest 2013 conference. The DVLabs blog post will be updated as the contest plays out, and you can get real-time updates by following either @thezdi or @Pwn2Own_Contest on Twitter or by searching for the hashtag #pwn2own.

Rules & Prizes:-

HP ZDI is offering more than half a million dollars (USD) in cash and prizes during the competition for vulnerabilities and exploitation techniques in the below categories. The first contestant to successfully compromise a selected target will win the prizes for the category.
  • Web Browser
    • Google Chrome on Windows 7 ($100,000)
    • Microsoft Internet Explorer, either
      • IE 10 on Windows 8 ($100,000), or
      • IE 9 on Windows 7 ($75,000)
    • Mozilla Firefox on Windows 7 ($60,000)
    • Apple Safari on OS X Mountain Lion ($65,000)
  • Web Browser Plug-ins using Internet Explorer 9 on Windows 7
    • Adobe Reader XI ($70,000)
    • Adobe Flash ($70,000)
    • Oracle Java ($20,000)
The targets will be running on the latest, fully patched versions of Windows 7, Windows 8, and OS X Mountain Lion. All targets will be installed in their default configurations, as this is how a majority of users will have them configured. As always, the vulnerabilities utilized in the attack must be unknown and not previously reported to the vendor. If a sandbox is present, a full sandbox escape is required to win. A given vulnerability may only be used once across all categories.
Upon successful demonstration of the exploit, the contestant will provide HP ZDI a fully functioning exploit and all the details of the vulnerability used in the attack. In the case that multiple vulnerabilities were exploited to gain code execution, details about all the vulnerabilities (memory corruption, infoleaks, escalations, etc.) leveraged and the sequence in which they are used must be provided to receive the prize money. The initial vulnerability utilized in the attack must be in the registered category.
Along with prize money, the contestant will receive the compromised laptop and 20,000 ZDI reward points* which immediately qualifies them for Silver standing. 

Full contest rules can be found at http://dvlabs.tippingpoint.com/Pwn2OwnContestRules.html, and may be changed at any time without notice.

Registration:-
Contestants are asked to pre-register by contacting ZDI via e-mail at zdi@hp.com. This will allow the organizer to ensure that they have the necessary resources in place to facilitate the attack. If more than one contestant registers for a given category, the order of the contestants will be drawn at random.








'Dockster' A New Mac Malware Targeting Apple Users Found on Dalai Lama Related Website

Researchers at F-Secure have found a new piece of malicious software targeting Apple users on a website dedicated to the Dalai Lama. According to F-Secure's blog post, the Dalai Lama-related website is fully compromised and is pushing new Mac malware, called Dockster, using a Java-based exploit. Dockster tries to infect computers by exploiting a vulnerability in Java, CVE-2012-0507. The vulnerability is the same one used by the Flashback malware, which first appeared around September 2011 and infected as many as 600,000 computers via a drive-by download. Flashback was used to fraudulently click on advertisements in order to generate illicit revenue in a type of scam known as click fraud. Apple patched the vulnerability in Java in early April and then undertook a series of steps to remove the frequently targeted application from Macs. Apple stopped bundling Java in the 10.7 version of its operating system, Lion, which continued with the company's Mountain Lion release. In October, Apple removed older Java browser plug-ins in a software update.
The good news is that current versions of OS X are not vulnerable, and users who have disabled the Java browser plug-in are not vulnerable either. F-Secure researcher Sean Sullivan said Dockster is “a basic backdoor with file download and keylogger capabilities.” Sullivan also said that the Dalai Lama site is serving a Windows-based exploit for CVE-2012-4681, the Agent.AXMO Trojan. The Trojan exploits a Java vulnerability that allows remote code execution using a malicious applet that is capable of bypassing the Java SecurityManager.

Please Note That: The gyalwarinpoche.com site doesn't seem to be as "official" as dalailama.com

Speaking of Mac malware, remember that Mac users have faced such attacks before, when the Mac Trojan OSX.SabPub was spreading through Java exploits. In 2011 we also saw the OSX/Revir-B trojan, which was installed behind a PDF and gave hackers remote access to Mac computers, and the Linux Tsunami trojan called "Kaiten", which targeted Mac OS users the same year. Another piece of malware, named "Devil Robber", also made victims of Mac users by stealing their personal information. In the very recent past we saw a trojan named 'BackDoor.Wirenet.1', which apparently provides its masters with a backdoor into infected systems. It is also capable of stealing passwords stored in browsers like Chrome, Chromium, Firefox and Opera. For any kind of cyber updates and infosec news, stay tuned with VOGH.





Apple Releases iOS 6.0.1, Serious Flaws in Kernel, Passcode Lock & WebKit Patched

A couple of months ago we got iOS 6, in which Apple added over 200 new features, including Apple's own Maps app, Facebook integration, Siri improvements, Apple's new Passbook digital wallet app, and more. iOS 6 is compatible with the third-generation iPad, iPad 2, iPhone 4S, iPhone 4, iPhone 3GS, and fourth-generation iPod touch. Alongside these features, several security bugs have also been spotted in the wild, affecting millions of iOS users across the globe. The most serious of them seems to be a kernel flaw discovered by researchers Mark Dowd of Azimuth Security and Eric Monti of Square that affects the iPhone 3GS and later, as well as the iPod Touch and iPad 2 and later. An attacker exploiting the vulnerability could essentially bypass address space layout randomization (ASLR) protections using a malicious application, and could determine addresses in the kernel, Apple’s advisory said. The researchers said the vulnerability, which could expose data to an attacker, occurs in the way iOS handles application programming interfaces in relation to kernel extensions.

Apple has released updates for iOS 6 which include security fixes. The iOS 6.0.1 update includes security fixes for the kernel, passcode locking and WebKit. The WebKit issues were also fixed in an update of the Safari web browser for Mac OS X. “Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection,” Apple said. “This issue was addressed by unsliding the addresses before returning them.” 
A vulnerability in iOS’ Passcode Lock was also addressed in the latest update that could allow someone with access to the iOS device to access Passbook passes without entering a passcode. “A state management issue existed in the handling of Passbook passes at the lock screen. This issue was addressed through improved handling of Passbook passes,” Apple said. Finally, a pair of WebKit vulnerabilities were patched.
The first involved how iOS handled JavaScript arrays, and could allow an attacker to remotely execute code if a user visited a malicious site and was infected. Apple said it addressed the matter through additional validation of JavaScript arrays. The other WebKit flaw is a use-after-free issue in the handling of SVG images. Scalable Vector Graphics (SVG) is a file format for static or animated graphics. A user visiting a website hosting a malicious graphic could experience application crashes or, worse, an attacker could remotely execute code.
The iOS 6.0.1 software update also includes fixes for the iPhone 5 to allow it to install over the air updates and to make it work better with WPA2 Wi-Fi networks. There are also corrections for bugs which flashed horizontal lines over the keyboard and stopped the camera flash going off. The two WebKit issues were also the only issues apparently fixed in the Safari 6.0.2 update. Safari 6.0.2 is available through Software Update for Mac OS X 10.7 Lion and the Mac App Store for Mac OS X 10.8 Mountain Lion.

-Source (Apple, Threatpost & The-H)



Apple Releases iOS 6 With 200+ New Features & Mountain Lion 10.8.2 With Facebook Integration & Game Center

As expected, here comes a double bang from Apple: it has released iOS 6 along with OS X Mountain Lion 10.8.2 and made both available to the public. Users of recent iPad, iPhone, and iPod touch models can obtain the update either by connecting their devices to iTunes and clicking the "Check for Update" button or by checking for over-the-air updates on their devices. iOS 6 adds over 200 new features, including Apple's own Maps app, Facebook integration, Siri improvements, Apple's new Passbook digital wallet app, and more. iOS 6 is compatible with the third-generation iPad, iPad 2, iPhone 4S, iPhone 4, iPhone 3GS, and fourth-generation iPod touch. It will also ship on the iPhone 5, which launches on Friday, and on the fifth-generation iPod touch launching next month. The operating system arrives as the golden master build 10A403 for existing devices, and Apple has also posted a special 10A405 build for the iPhone 5 and a 10A406 build for the upcoming fifth-generation iPod touch.

Along with iOS 6, Apple quietly pushed out 10.8.2, the second minor update to Mountain Lion since it was released in July. The update is currently available via the Software Update functionality in the Mac App Store. The update includes a number of enhancements, most notably Facebook integration and Game Center. It also includes support for several features integrating with iOS 6, such as Passbook passes and iMessage/FaceTime access via phone number.

This update is recommended for all OS X Mountain Lion users, and includes new features and fixes:


Facebook 
• Single sign on for Facebook
• Adds Facebook as an option when sharing links and photos
• See Facebook friends' contact information and profile pictures in Contacts
• Facebook notifications now appear in Notification Center



Game Center
• Share scores to Facebook, Twitter, Mail, or Messages
• Facebook friends are included in Game Center friend recommendations
• Added Facebook "Like" button for games
• Challenge friends to beat your score or achievement



Other new features
• Adds Power Nap support for MacBook Air (Late 2010)
• iMessages sent to your phone number now appear in Messages on your Mac
• You can now add passes to Passbook (on your iPhone or iPod touch) from Safari and Mail on your Mac
• FaceTime can now receive calls sent to your phone number
• New shared Reminders lists
• New sort options allow you to sort notes by title, the date you edited them, and when you created them
• Dictation now supports additional languages: Mandarin, Cantonese, Spanish, Korean, Canadian English, Canadian French, and Italian
• Dictionary app now includes a French definition dictionary
• Sina Weibo profile photos can now be added to Contacts

* Requires iOS 6


General fixes
The OS X Mountain Lion v10.8.2 update also includes general operating system fixes that improve the stability, compatibility and security of your Mac, including the following fixes:


• Adds an option to discard the changes in the original document when choosing Save As 
• Unsent drafts are now opened automatically when launching Mail
• Receive Twitter notifications for mentions and replies from anyone
• URLs are shortened when sending tweets from Notification Center
• Notifications are disabled when AirPlay Mirroring is being used
• Adds SSL support for Google searches from the Smart Search Field in Safari
• Adds a new preference to have Safari launch with previously open webpages
• Resolves an issue that may cause the "Enable Autodiscover" checkbox to always remain checked
• Enables access to the Mac App Store when Parental Controls are enabled
• Support for @icloud.com email addresses
• Resolves a video issue with some VGA projectors when connected to certain Mac notebooks
• Addresses an issue that may prevent Active Directory accounts from being locked out
• Resolves an issue that may cause the policy banner to re-appear prior to logging in
• Improvements to SMB
• Addresses an issue with NIS users when auto-login is enabled
• Addresses an issue in which the Keychain may not be accessible
• Ability to pre-authenticate a FileVault protected system
• Addresses an issue that may cause Xsan to not automatically start after migrating from Mac OS X Snow Leopard 


Direct downloads of OS X 10.8.2 are also available through Apple's site.



-Source (Apple & MacRumors)                             




Microsoft Discovered a New Malware Targeting Apple OS X Exploiting Office Vulnerability

This year is going from bad to worse for Mac users. Earlier we saw more than 600,000 Mac users infected by the Flashback Trojan, and after that another Mac Trojan, "Backdoor.OSX.SabPub", penetrated Mac security. Recently Microsoft detected a new piece of malware targeting Apple OS X computers that exploits a vulnerability in the Office productivity suite patched nearly three years ago. The malware is not widespread, according to Jeong Wook Oh of Microsoft's Malware Protection Center. But it does show that hackers pay attention when people do not apply patches as those fixes are released, putting their computers at a higher risk of becoming infected.
The exploit discovered by Microsoft doesn't work with OS X Lion, but does work with Snow Leopard and prior versions. Oh wrote that it is likely attackers have knowledge about the computers they are attacking, such as the victim's operating system version and patch levels. The malware delivered by the exploit is written specifically for OS X and is basically a "backdoor," or a tool that allows for remote control of a computer. Microsoft advised those who use Microsoft Office 2004 or 2008 for Mac or the Open XML File Format Converter for Mac to ensure those products have applied the patch.


-Source (Computer World)  

Apple Offering A Free DVD of Mac OSX Snow Leopard

You haven’t upgraded to Lion or iCloud because you still haven’t forked out money for Snow Leopard yet? If the answer is yes, then we have great news for you: Apple is now giving away Snow Leopard to potential iCloud customers.
In an article sent to MobileMe customers, Apple has recommended that potential customers get in touch with Apple to receive a free DVD of Snow Leopard so that users can upgrade to Lion and move to iCloud. All you have to do is follow this link, log in to MobileMe with your MobileMe account, and fill out your mailing information. Apple will then send you a Snow Leopard DVD for free. The free Snow Leopard offer was presumably initiated to encourage people to upgrade to iCloud before MobileMe is shut down on June 30th, 2012.




Flashback Trojan Infected Over 600,000 Mac-OS Users, Apple Pushes Out Fix Again

Russian anti-virus vendor Dr. Web spotted a Trojan affecting nearly 600,000 Macs around the world. The near-immune image of Mac OS X has simply crumbled. So much for Macs being relatively safe against malware attacks. That idea took a punch to the stomach this week when the news broke about the Flashback trojan affecting more than half a million Macs worldwide. Flashback is essentially the malware equivalent of a smash-and-grab thief. Exploiting a Java vulnerability, the code installs and runs when the user visits a compromised or malicious website, intercepting private data, like passwords, and sending it back out over the internet. According to Doctor Web, sources claim that “links to more than four million compromised web-pages could be found on a Google SERP [search results] at the end of March. In addition, some posts on Apple user forums described cases of infection by [the latest variant] BackDoor.Flashback.39 when visiting dlink.com.” The trojan, Backdoor.Flashback.39, can infect computers via an infected web page. The vulnerability itself lies in Java, a product which is not Apple’s.
About 57% of infected machines were in the US, 20% in Canada, 13% in the UK and 6% in Australia. Apple has already issued patches that curb the vulnerability, but that does not necessarily mean that all users have applied the security patch on their Macs. Mozilla has even blocklisted all older, vulnerable Java plug-ins in Firefox. Users are recommended to install the recent Apple Java update to close the hole which allows malicious web pages to drop the trojan onto a system, and to always check which application is actually asking for your password when requested.

Update: To detect if a system is infected with Flashback, run each of the following commands in the Mac OS X Terminal:-
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment


If all these commands respond with "The domain/default pair of ... does not exist", then there is no Flashback infection. Otherwise consult the F-Secure advisory for manual removal instructions.
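
The three checks above can be wrapped in one script that separates "key absent" from "key present" and from "the check itself failed". This is an added example, not part of the original post or of the F-Secure advisory; the function names and the `DEFAULTS_CMD` override are assumptions introduced here, and the script relies on `defaults read` answering "does not exist" for a missing key, as described above.

```shell
#!/bin/sh
# Added example (not from the original post): runs the three Flashback checks
# listed above and reports each result in one of three states.
# DEFAULTS_CMD is a hypothetical override so the logic can be exercised with a
# stub on a machine that lacks the macOS `defaults` tool.
DEFAULTS_CMD=${DEFAULTS_CMD:-defaults}

# classify_key DOMAIN KEY
#   returns 0 if the key is absent (the "does not exist" answer),
#           1 if the key is set (follow up with the removal advisory),
#           2 if the check itself failed (tool missing, unreadable plist, ...).
# The command's output is left in $out for the caller.
classify_key() {
    out=$("$DEFAULTS_CMD" read "$1" "$2" 2>&1) && rc=0 || rc=$?
    case $out in
        *"does not exist"*) return 0 ;;
    esac
    if [ "$rc" -eq 0 ]; then
        return 1
    fi
    return 2
}

# report_key DOMAIN KEY: print one result line and update the counters.
report_key() {
    classify_key "$1" "$2" && state=0 || state=$?
    case $state in
        0) printf 'ok       %s %s (not set)\n' "$1" "$2" ;;
        1) printf 'SUSPECT  %s %s = %s\n' "$1" "$2" "$out"
           hits=$((hits + 1)) ;;
        *) printf 'ERROR    %s %s: %s\n' "$1" "$2" "$out"
           errors=$((errors + 1)) ;;
    esac
}

# flashback_scan: exit status 0 = all three keys absent,
#                 1 = at least one key is set,
#                 2 = no key set, but at least one check could not be run.
flashback_scan() {
    hits=0
    errors=0
    report_key "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES
    report_key /Applications/Safari.app/Contents/Info LSEnvironment
    report_key /Applications/Firefox.app/Contents/Info LSEnvironment
    if [ "$hits" -gt 0 ]; then return 1; fi
    if [ "$errors" -gt 0 ]; then return 2; fi
    return 0
}

# Only run the real scan where `defaults` is expected to exist.
if [ "$(uname -s)" = "Darwin" ]; then
    flashback_scan
fi
```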

If you’re running Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3 or Lion Server v10.7.3, be sure to hit up Software Update in your System Preferences.



Apple Closes Security Hole & Released 5.1.4 of Safari Web-browser

Apple has closed major security holes and released version 5.1.4 of its Safari web browser for Windows and Mac OS X. According to Apple, the maintenance and security update addresses more than 80 vulnerabilities. The update also includes various stability and performance improvements as well as fixes for other non-security related bugs. With this release the company also promises an 11 percent boost in JavaScript performance, among other things. A majority of the security holes closed in 5.1.4 were found in the WebKit browser engine used by Safari. These include several cross-site scripting (XSS), cross-origin and HTTP authentication problems, as well as numerous memory corruption bugs that could be exploited by an attacker, for example, to cause unexpected application termination or arbitrary code execution.
Important Changes:-
  • Improve JavaScript performance up to 11% over Safari 5.1.3* 
  • Improve responsiveness when typing into the search field after changing network configurations, or with an intermittent network connection 
  • Address an issue that could cause webpages to flash white when switching between Safari windows
  • Address issues that prevented printing U.S. Postal Service shipping labels and embedded PDFs 
  • Preserve links in PDFs saved from webpages 
  • Fix an issue that could make Flash content appear incomplete after using gesture zooming
  • Fix an issue that could cause the screen to dim while watching HTML5 video 
  • Improve stability, compatibility, and startup time when using extensions 
  • Allow cookies set during regular browsing to be available after using Private Browsing
  • Fix an issue that could cause some data to be left behind after pressing the “Remove All Website Data” button
For additional information, visit Apple's official site. We would also like to remind you that last month Apple released the Mac OS X 10.8 Mountain Lion Developer Preview.




Mac OS X 10.8 Mountain Lion Developer Preview Released By Apple


Apple has released a developer preview of the next major release of its operating system, named Mac OS X 10.8 Mountain Lion. If you are a registered Mac developer, you can test the new flavor of Apple. In this release Apple has added lots of charming features; among them, Gatekeeper is a really handy one, at least from a security point of view. Apple says Gatekeeper will "help prevent you from unknowingly downloading and installing malicious software". Other features included by Apple are iCloud, AirPlay Mirroring, Messages, Reminders, Notification Center, Share Sheets, Twitter Integration, Game Center and so on.
Brief About Gatekeeper:-
The Gatekeeper feature has three levels of security for running applications downloaded from the Internet; "Mac App Store", "Mac App Store and identified developers" and "Anywhere". The first setting only runs applications downloaded from the Mac App Store, in a style similar to the iPhone only running apps from the App Store. Unlike the iPhone though, Gatekeeper lets users allow applications from other sources. The "Mac App Store and Identified Developers" option only allows applications from the store and from developers who have signed their program with an Apple-issued Developer ID, while "Anywhere" allows any program to be downloaded and run. It is unclear how Gatekeeper interacts with software loaded from other media, such as a USB memory stick or CD/DVD.

Apple Released Mac OS X Lion v10.7.3 & Closes Security Hole

As expected, Apple has released Security Update 2012-001 for Mac OS X 10.7.3 and for Mac OS X 10.6.8 Snow Leopard. This release addresses a number of vulnerabilities in the company's desktop and server operating systems. According to Apple, it patches more than 50 security holes that could be exploited to remotely execute arbitrary code on a victim's system, gain access to private information or cause a denial of service (DoS).
The Client and Server updates fix issues in Address Book, ColorSync, CoreAudio, CoreMedia, CoreText, CoreUI, OpenGL, Internet Sharing, ImageIO, and in the QuickTime media player and various libraries used by Mac OS X. Other problems addressed include vulnerabilities in Apache, the libpng reference library, the PHP scripting language, Subversion and X11. Security Update 2012-001 also corrects problems in Tomcat and SquirrelMail.
Users can download Mac OS X Lion 10.7.3 (Client Standard Update 997.01 MB, Client Combo Update 1.2 GB, Server Standard Update 1 GB, Server Combo Update 1.34 GB) and Security Update 2012-001 (Client 192.73 MB, Server 212.09 MB) from Apple's Support Downloads page. Alternatively, Mac OS X users can upgrade to the latest releases using the built-in Software Update function.
Additional information can be found on the support page.

For security reasons, all users are advised to update their systems as early as possible.


-Source (Apple, The-H)



Fingerprint Security Solution For Apple Mac OS X Lion & Snow Leopard By AuthenTec

We have earlier discussed Microsoft's new security implementation, a technology called picture password. Now Apple is also introducing a digital security system in Mac OS. AuthenTec, a leading provider of mobile and network security, has launched a Fingerprint Security Solution, including an Eikon fingerprint sensor and TrueSuite identity management software, for Apple Mac laptops and desktop computers running the Lion and Snow Leopard operating systems.
The new Eikon-TrueSuite offering from AuthenTec includes the following features:-
  • Web site logon (new) – logon to websites with a swipe of the finger; no need to type passwords
  • QuickLaunch (new) – launch and logon to favorite websites; associate websites with different fingers
  • Easy fingerprint enrollment/setup
  • Mac logon
  • Fast user switching
  • Automatic updates (new) – ensure your software always incorporates the newest features

The new Eikon fingerprint reader for Mac and matching TrueSuite user software will be available in March for $59.95 from Apple.com and AuthenTec’s Web store.



According To Release Note:-
 

“Based on the strong demand from the Mac community, we are pleased to offer a fingerprint security solution with features and functions that enhance the user experience and support the newest Apple OS,” said Tom Aebli, AuthenTec Vice President of Software and eCommerce. “AuthenTec is pleased to offer Mac users the same fingerprint security and convenience features already enjoyed by millions of Windows PC users.”


AuthenTec’s software and eCommerce business supports the millions of fingerprint sensors already integrated into laptops, tablets and mobile phones. The software and eCommerce portfolio includes AuthenTec’s TrueSuite identity management software, Eikon fingerprint readers for PC and Mac, KeepVault online backup services, and mobile and PC applications that enhance security and the user experience.


-Source (AuthenTec)

Ettercap 0.7.4 (Lazarus) Network Security Tool For man-in-the-middle Attacks Released


Ettercap is a multipurpose sniffer/interceptor/logger (like Wireshark) for switched LANs. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis. It is a suite for man-in-the-middle attacks on a LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
Official Change Log:-

  • Fixed resource depletion issue
  • Buffer access out-of-bounds issues
  • Multiple buffer overflows
  • Multiple memory leaks
  • Multiple files with obsolete code
  • Fixed SEND L3 errors experienced by some users
  • Fixed a compilation error under Mac OS X Lion
  • Updated build system

Interface:  
All these features are integrated with easy-to-use and pleasant ncurses/GTK interfaces.
Platform Supported :-
Linux 2.0.x
Linux 2.2.x
Linux 2.4.x
Linux 2.6.x
FreeBSD <= 8.2
OpenBSD 2.[789] 3.x
NetBSD 1.5
Mac OS X (Snow Leopard & Lion)
Windows XP/2003/Win 7
Solaris 11

VMware Fusion 4.1 Allowing Virtualization of Mac OS X


VMware Fusion 4.1.0 has been released for Mac OS X. Last week VMware released an update to its popular virtualization software that adds many improvements and bug fixes. The biggest improvement is the application's ability to run older versions of Mac OS X, Leopard and Snow Leopard. Apple changed the Mac OS X licensing terms with the release of Mac OS X Lion. The new software license allows users to install and use virtual machines running the client or server version of Lion on their Mac. It doesn’t mention anything about older versions of Mac OS X, so it is assumed that you still aren’t allowed to run either of them in a virtual machine.
Apparently VMware is leaving the decision of whether or not to virtualize either of the older versions of Mac OS X to the user. If a user tries to install Leopard or Snow Leopard in Fusion 4.1, they will be prompted with a dialog that asks: “Verify that the operating system is license to run in a virtual machine. ” If you select Continue, Fusion will go ahead with the installation of the operating system, leaving the decision entirely in the user’s hands.

For More Information & To Download VMware Fusion 4.1 Click Here



Firefox 9 Beta For Both Desktop & Android Released


Just after the official release of Firefox 8, Mozilla has announced the availability of the beta channel version of Firefox 9 for both desktop and Android. The beta channel release for desktop brings new features and enhancements for the end user and adds new developer features. Most notable is the Type Inference (TI) engine in Firefox's TraceMonkey JavaScript engine. This allows the engine to generate type information about the scripts it is running, analysing the code and then reviewing the dynamic types as the script executes. The type information is then used during JIT compilation to generate more efficient code. As JavaScript is a dynamically typed language, the JIT compiler, not knowing the type of data, has had to generate slower code to allow for all possibilities. Type inference can determine, for example, whether only integers are needed in a loop and then generate machine code which uses only integers; this results in 20 to 30 per cent faster JavaScript performance.
Camera support has also been enabled so that HTML5 developers can use it as an input device. The HTML5 Form Validation API automatically validates form fields with numbers, email addresses and URLs without developers needing to write their own code.
Other new features include Mac OS X Lion support, which brings visual improvements as Firefox matches the Mac OS X application toolbar and style; it supports two-finger swipe navigation gestures and is said to be easier to use on multiple monitors. Support for detecting Do Not Track in JavaScript has been added to allow web sites which cannot read the Do Not Track header to detect that the user wants to opt out of behavioural tracking.

To download Firefox 9 Beta Click Here



Mac OS X 10.7.2 & Safari 5.1.1 Released (Multiple Security Vulnerabilities Have Been Fixed)


Apple has released Mac OS X 10.7.2 and, for Mac OS X 10.6.8 Snow Leopard users who have yet to upgrade to Lion, Security Update 2011-006; these updates address a number of security vulnerabilities in the company's desktop and server operating systems. According to Apple, more than 70 holes have been closed by the updates, many of which could be exploited by an attacker to remotely execute code with elevated privileges, gain access to private information, or cause a denial-of-service (DoS).
Mac OS X 10.7.2 and Security Update 2011-006 fix issues in the QuickTime media player, iChat Server, CoreFoundation, CoreMedia, CoreProcesses, CoreStorage, and the kernel, as well as IOGraphics, MediaKit and Open Directory. Other problems addressed by the update include security vulnerabilities in Apache, the Application Firewall, the BIND DNS server, PHP, Python, the SMB File Server, Tomcat and X11. Various root certificates were also added or updated.
Apple also released an update for its Safari web browser for Windows and Mac OS X. Version 5.1.1 of Safari corrects a total of 43 security vulnerabilities, most of which are memory corruption issues in the WebKit browser engine that could be exploited to execute arbitrary code. Directory traversal, policy, and uninitialised memory access issues have also been fixed.

To Download Safari 5.1.1 Click Here

To Download Mac OS X Lion 10.7.2

To Download Security Update 2011-006


-News Source (Apple & The H)




Steve Jobs Died



An episode ends. Apple on Wednesday confirmed that its former CEO, Steve Jobs, has died. He was 56.
"Apple has lost a visionary and creative genius, and the world has lost an amazing human being," Apple said in a note on its Web site. "Those of us who have been fortunate enough to know and work with Steve have lost a dear friend and an inspiring mentor. Steve leaves behind a company that only he could have built, and his spirit will forever be the foundation of Apple."
The Apple.com Web site currently bears a photo of Jobs (left). Apple asked fans to share their memories, thoughts, and condolences via rememberingsteve@apple.com.
Jobs stepped down as Apple CEO in August after nearly 14 years at the helm of the company he co-founded in 1976. "I have always said if there ever came a day when I could no longer meet my duties and expectations as Apple's CEO, I would be the first to let you know. Unfortunately, that day has come," he said at the time.
Apple did not disclose any additional details about his passing, but Jobs had battled health problems for several years. Three years after having successful surgery for pancreatic cancer, Jobs announced in January 2009 that he had a "hormone imbalance" that was robbing his body of necessary proteins. He took a leave of absence, and it was later revealed that he underwent a liver transplant. By June 2009, he was back at work.
Though highly successful, Jobs's busy 2010 again took a toll on his health and he took another leave of absence in January 2011. He surprised and delighted fans, however, by showing up for the debut of the iPad 2 in March, telling those in attendance that he had worked too hard on the product to miss its launch. He was also there to show off iOS 5 and Mac OS X Lion a few months later.
Tim Cook, who is now Apple's CEO, took the stage in Jobs' place to launch the new iPhone 4S, the start of a new era at Apple.

-News Source (PC Mag & Apple)



Apple Fixes OSX Revir-B Trojan Vulnerability


Apple has updated the bare-bones antivirus protection included with Mac OS X to detect a Trojan horse that poses as a PDF document. That Trojan, named "Revir.A" by Finnish security company F-Secure but "Revir.B" by others, masquerades as a PDF file. Unwary users who download and open the fake PDF actually start a malware chain reaction that infects a Mac with multiple pieces of attack code, including a "backdoor" designed to listen to a hacker-controlled server for further instructions.
Apple added a signature for Revir on Friday to the detection engine called XProtect included with Mac OS X 10.6, aka Snow Leopard, and Mac OS X 10.7, better known as Lion. Since May, when Apple fought a weeks-long battle with makers of phony Mac security software -- usually called "scareware" or "rogueware" -- XProtect checks daily for new signature updates.
The new signature will detect Revir if a user downloads the fake PDF document using Safari, iChat or Mail -- Mac OS X's native email client -- and then displays a warning urging the user to toss the file into the Trash. On Monday, however, Mac-centric security company Intego said it had spotted a new piece of Mac malware disguised as an Adobe Flash installer.
Tagged "Flashback" by Intego, the Trojan installs itself when the fake Flash file is run, then deactivates the Mac outbound firewall Little Snitch, likely as an attempt to hide communication between the malware and its remote command-and-control server.
Flashback uses the same phony Flash distribution tactic as a Trojan horse named "QHost.WB" found by F-Secure in early August. Apple updated XProtect to detect QHost on Aug. Intego speculated that hackers may think the Flash installer trick will be effective because Lion, unlike earlier Mac OS X editions, does not come with the Adobe software pre-installed.
The French antivirus firm recommended that users download Flash Player only from Adobe's website, and if they're using Safari, to uncheck the box marked "Open 'safe' files after downloading" under the General tab to prevent fake installers like Flashback from running automatically. 


-News Source (Network World)



Vulnerability In OS X 10.7 Lion Allows Unauthorized Password Changes

A researcher at the Defense in Depth blog has discovered a flaw in Apple's recently released operating system, OS X 10.7 (Lion), which allows passwords to be changed without knowledge of the logged in user's password. The flaw appears related to Apple's move towards a local directory service which has permissions set in an insecure manner. An attacker who has access to a logged in Mac (locally, over VNC/RDC, SSH, etc) is able to change the currently logged in user's password without knowing the existing password as would normally be required:

testmac:~ TestUser$ dscl localhost -passwd /Search/Users/TestUser
New Password:


Historically (in Snow Leopard) you would have needed to enter your existing password first to verify that you in fact are the account holder:

testmac:~ TestUser$ passwd
Changing password for TestUser.
Old Password: -OldPass-
New Password: -NewPass-
Retype New Password: -NewPass-


Not only can a logged-in user change their password without knowing the existing one, but any other user's password hash can also be read and subjected to brute-force attempts. Defense in Depth showed how you can parse the hash from openly readable directory information and recover both the hash and the salt used to encrypt the password. This is another great reason to be sure you have secured your Mac properly until Apple makes a fix available. Taking the following steps will help ensure you are protected:

  • Use a secure password to prevent brute force attacks against your account using stolen hashes.
  • Enable the screensaver and set it to prompt you for your password.
  • Disable automatic logon.
  • Never leave your Mac logged in and unattended. Use a "Hot Corner" or the Keychain lock to lock your screen.
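
The settings behind these steps, together with the Safari option recommended in the Flashback post above, can be checked from Terminal. The script below is an added example, not part of the original post or of Apple's tooling; the `defaults` domains and key names it reads, the `DEFAULTS_CMD` override and the function names are assumptions that are not given on the page.

```shell
#!/bin/sh
# Added example: audit the Mac settings recommended in the posts above.
# Assumption: the preference domains and keys below are not given on the page.
# Run as the user being audited: sh audit_mac.sh --run  (file name is hypothetical)
DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"  # overridable so the logic can be tested off a Mac

# Print a preference value, or "unset" when the key (or the tool) is missing.
read_pref() {
    "$DEFAULTS_CMD" read "$1" "$2" 2>/dev/null || echo "unset"
}

# judge NAME ACTUAL SAFE_VALUE: print one result line, return 1 on a mismatch.
judge() {
    if [ "$2" = "$3" ]; then
        echo "PASS  $1 ($2)"
    else
        echo "FAIL  $1 (found '$2', want '$3')"
        return 1
    fi
}

# Check each setting; the return code is the number of failed checks.
audit_mac() {
    failures=0
    # The screensaver must ask for the password on wake (1 = enabled).
    judge "screensaver password prompt" \
        "$(read_pref com.apple.screensaver askForPassword)" 1 \
        || failures=$((failures + 1))
    # Automatic logon is off when no autoLoginUser is recorded.
    judge "automatic logon disabled" \
        "$(read_pref /Library/Preferences/com.apple.loginwindow autoLoginUser)" unset \
        || failures=$((failures + 1))
    # Safari opens "safe" downloads by default, so an unset key also fails.
    judge "Safari auto-open of 'safe' files off" \
        "$(read_pref com.apple.Safari AutoOpenSafeDownloads)" 0 \
        || failures=$((failures + 1))
    echo "$failures setting(s) need attention"
    return "$failures"
}

if [ "${1:-}" = "--run" ]; then
    audit_mac
fi
```

A non-zero exit code equals the number of settings that still need to be changed, so the script can be used in a login hook or a fleet compliance check.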

For more information and to see the researcher blog post click Here



-News Source (NS & Defence Blog)


Apple Released Mac OS X Security Update (2011-005) To Stop Certificate Fraud



Apple on Friday issued a security update for Mac OS X 10.7 Lion and 10.6 Snow Leopard, addressing a security issue related to fraudulent online certificates.
Security Update 2011-005 is available to download via Software Update, or as a 15.59MB download for Lion, or 869KB download for Snow Leopard direct from Apple. It is recommended for all Mac users.
The update addresses an issue that could allow an attacker with a privileged network position to intercept user credentials or other sensitive information.
Apple issued the update because fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. Apple's fix removes DigiNotar from the list of trusted root certificates and from the list of Extended Validation (EV) certificate authorities. The security update also configures the default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not viewed as trusted.
Another update was also issued by Apple on Thursday for Lexmark printers in the form of Lexmark 2.6 Printer Driver. It includes the latest Lexmark printing and scanning software for both Lion and Snow Leopard, and the 133.99MB update can be downloaded direct from Apple.

-News Source (Apple Insider)

