Category Archives: Security

Oversight in GateKeeper allows for an easy bypass

Apple’s GateKeeper is a background technology in OS X that helps thwart malware. It assesses three levels of identification for an app (Unsigned, Signed, and Signed with App Store distribution), and then offers options to block execution of apps that are either unsigned or not distributed through the App Store. However, a simple workaround exists that can allow malware to overcome Gatekeeper’s blocks and run.

Apple outlines 25 top apps affected by XcodeGhost

In order to distribute apps in Apple’s App Store, developers need to keep up to date with the latest versions of Xcode; however, Apple has historically released new versions of Xcode to US customers before those in other countries. This has spurred developers in China, including reputable ones, to obtain the latest versions of Xcode from secondary sources. Unfortunately, these developers were recently duped into using malware-laden versions of Xcode that injected malware into their apps upon submission to the App Store.

New Zero-Day memory injection vulnerability discovered in OS X

PCWorld is reporting that a new zero-day vulnerability has been found for OS X, affecting versions from 10.9.5 through the recently released 10.10.5. The problem stems from how NULL pointers in programs are handled: a malicious program can use a special condition to bypass the default location to which NULL references are directed, and thereby bypass OS X’s security.

Malware developers targeting MacKeeper settlement Web page

Following the recent announcement of the MacKeeper legal settlement, malware developers are creating routines that redirect people from the settlement site to nefarious Web pages that use JavaScript hacks to “lock” a browser. When this happens, you will see an alert window with an OK button, but clicking the button simply opens another alert.

DYLD_PRINT_TO_FILE exploit found in the wild for OS X

A vulnerability exists in OS X in which an attacker can take advantage of a routine generally intended for logging to overwrite system files. In doing so, the attacker can modify the system to bypass OS X’s security measures and give full “root” access to malware installers. As a result, further modifications to an affected Mac can be performed without any indication or authentication requirement.

Apple Keychain ‘completely cracked’ by security researchers, but are you vulnerable?

Researchers at the Georgia Institute of Technology have published findings showing that Apple’s Keychain password service is vulnerable to malware that can steal passwords from other apps on the system and gain access to services and devices that you use with your Mac.

The Keychain stores passwords in an encrypted format, so while direct access to them is exceptionally difficult, OS X supports services that allow apps to authenticate and then gain access to the passwords.

How to remove the FlashMall adware from OS X

If you are using your Mac and are suddenly inundated with popups, unwanted Web pages opening, and other ads, you are likely either using or getting too close to illegitimate resources. Generally this happens when you stumble across a nefarious Web site, but at other times it can be caused by adware and other malware installed on your system. One such instance is persistent popups on your Mac that reference “FlashMall,” which results from having installed the CrossRider trojan.